From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Sat,  6 Feb 2010 13:42:18 -1000
From: Tim Newsham <newsham@lava.net>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
In-Reply-To: <4B6DB95F.4090907@maht0x0r.net>
Message-ID: <Pine.BSI.4.64.1002061338530.5454@malasada.lava.net>
References: <4B6DB95F.4090907@maht0x0r.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Subject: Re: [9fans] In case anyone worries about block hash collision in
 venti
Topicbox-Message-UUID: ceea67b0-ead5-11e9-9d60-3106f5b1d025

> http://www.c0t0d0s0.org/archives/6349-Perceived-Risk.html

Sorry, this is all bunk.  You shouldn't be worried about
an accidental collision.  You should be worried about
an intentional collision.  Especially if your filesystem
stores data that is under the attackers control such as
email messages, web page caches, etc.  So what you need
to analyze isn't how often an accidental collision happens
but how hard it is to create an intentional collision.
All the popular hash algorithms have been losing ground to
attackers lately.

The simple solution is to use a keyed hash rather than
an unkeyed one and keep the key secret from potential
attackers.

Tim Newsham | www.thenewsh.com/~newsham | thenewsh.blogspot.com