Re: compare-by-hash (was Re: sharing /etc/passwd)

From: Jason Stone (freebsd-security_at_dfmm.org)
Date: 09/28/04

  • Next message: David Schultz: "Re: compare-by-hash (was Re: sharing /etc/passwd)"
    Date: Tue, 28 Sep 2004 13:09:35 -0700 (PDT)
    To: freebsd-security@FreeBSD.ORG
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    > One thing to keep in mind is that the collision-resistance of SHA-1 is
    > an unproven conjecture.

    sure, I was going to mention that - indeed, md4 is the algorithm used in
    rsync, and it _has_ been shown to be less collision-resistant than the
    full 128-bits would imply.

    which means that instead of finding only one collision in the entire
    lifetime of the universe, you'll find four.

    it doesn't change the fact that the probability of your computer catching
    fire and killing you, in an absolutely real and literal sense, is many
    millions of times higher, and that the time you spend worrying about this
    would be much, much better spent backing up your data offsite and wearing
    kevlar pants.

    also, excellent point someone made about passwords already using md5 in
    freebsd - this means that there are already an infinite number of
    passwords that will let someone into your box as root, right now, this
    very instant. so using rsync, you're hardly worse off....

     -Jason

     --------------------------------------------------------------------------
     Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
     that he was insufficiently fondled when he was an infant.
            -- Ashley Montagu
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (FreeBSD)
    Comment: See https://private.idealab.com/public/jason/jason.gpg

    iD8DBQFBWcUBswXMWWtptckRAi3rAJ4tyujyV0XyT7nC2VpdntVA5KjIbwCdHkpZ
    OSGmWnJPtrb4DLrwNz0HaEA=
    =UZOZ
    -----END PGP SIGNATURE-----
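An added illustration of the accidental-collision arithmetic behind compare-by-hash; it is not part of the original message or of rsync. It evaluates the birthday bound for a digest of a given width and runs a small compare-by-hash index until two different blocks look identical. Truncated SHA-256 is an assumed stand-in for an ideal short hash, the block contents are constructed, and the bound covers random inputs only, not collisions built on purpose.

```python
import hashlib
import math


def collision_probability(n_blocks: int, hash_bits: int) -> float:
    """Birthday bound: chance that any two of n_blocks random, distinct
    blocks share a digest that is hash_bits wide."""
    pairs = n_blocks * (n_blocks - 1) / 2
    # 1 - exp(-pairs / 2^bits); expm1 keeps tiny results from rounding to 0.
    return -math.expm1(-pairs / 2.0 ** hash_bits)


def truncated_digest(block: bytes, hash_bits: int) -> int:
    """Top hash_bits bits of SHA-256 (assumed model of an ideal short hash)."""
    full = int.from_bytes(hashlib.sha256(block).digest(), "big")
    return full >> (256 - hash_bits)


def first_false_match(hash_bits: int, max_blocks: int):
    """Index distinct constructed blocks by digest, as a compare-by-hash
    tool would. Return (blocks_seen, earlier_block, new_block) at the first
    point where two different blocks would be treated as the same, or None."""
    seen = {}
    for i in range(max_blocks):
        block = b"constructed-block-%d" % i
        digest = truncated_digest(block, hash_bits)
        if digest in seen:
            return i + 1, seen[digest], block
        seen[digest] = block
    return None


if __name__ == "__main__":
    # A 16-bit digest has 65536 values, so 70000 distinct blocks must collide
    # (pigeonhole); the birthday bound says it happens after a few hundred.
    count, old, new = first_false_match(16, 70000)
    print("16-bit digest: false match after", count, "blocks:", old, new)
    # Same formula at 128 bits, for 2^32 blocks and for 2^40 blocks.
    for n in (2 ** 32, 2 ** 40):
        print("128-bit digest,", n, "blocks:", collision_probability(n, 128))
```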