Re: compare-by-hash (was Re: sharing /etc/passwd)

From: Colin Percival (cperciva_at_wadham.ox.ac.uk)
Date: 09/27/04

  • Next message: Mark Andrews: "Re: compare-by-hash (was Re: sharing /etc/passwd)"
    Date: Mon, 27 Sep 2004 07:13:56 -0700
    To: Giorgos Keramidas <keramida@freebsd.org>
    
    

    Giorgos Keramidas wrote:
    > Increasing the number of bits the hash key uses will decrease the
    > possibility of a collision but never eliminate it entirely, AFAICT.

    How small does a chance of error need to be before you're willing to
    ignore it?

    > What I pointed out was that when a non-zero possibility of two data
    > blocks comparing as equal (even though they are no) exists, the method
    > in question should not be used for password data or other sensitive bits
    > of information. A larger hash key will never yield a possibility of
    > zero, so it doesn't mean that you can sleep untroubled at night while
    > the rsync server overwrites /etc/*pwd.db files periodically.

    If an appropriately strong hash is used (eg, SHA1), then the probability
    of obtaining an incorrect /etc/*pwd.db with a correct hash is much
    smaller than the probability of a random incorrect password being
    accepted. Remember, passwords are stored by their MD5 hashes, so a
    random password has a 2^(-128) chance of working.

    If, on the other hand, you're concerned about accidentally locking
    yourself out of the server as a result of an undetected mangling of the
    password database... you should be more worried about the server, and
    all your backups, being simultaneously hit by lightning. :-)

    Colin Percival
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Mark Andrews: "Re: compare-by-hash (was Re: sharing /etc/passwd)"