Re: compare-by-hash (was Re: sharing /etc/passwd)
From: Alex de Kruijff (freebsd_at_akruijff.dds.nl)
Date: Tue, 05 Oct 2004 08:29:19 +0200 To: Giorgos Keramidas <email@example.com>
On Tue, Sep 28, 2004 at 12:05:51PM +0300, Giorgos Keramidas wrote:
> On 2004-09-27 07:13, Colin Percival <firstname.lastname@example.org> wrote:
> > Giorgos Keramidas wrote:
> > >Increasing the number of bits the hash key uses will decrease the
> > >possibility of a collision but never eliminate it entirely, AFAICT.
> > How small does a chance of error need to be before you're willing to
> > ignore it?
> That's a good question. I'm not sure I have a definitive answer, but
> the possibility of a collision is indeed scary. Especially since I
> haven't seen a study of the real probability of a collition is, given
> the fact that passwords aren't (normally) random binary data but a
> much smaller subset of the universe being hashed.
I could be wrong but arn't hash values more random dan anything a user
can in put.
> > If an appropriately strong hash is used (eg, SHA1), then the probability
> > of obtaining an incorrect /etc/*pwd.db with a correct hash is much
> > smaller than the probability of a random incorrect password being
> > accepted. Remember, passwords are stored by their MD5 hashes, so a
> > random password has a 2^(-128) chance of working.
> I was probably being unreasonably paranoid about 'modified' passwords
> that don't get detected as modified, but what you describe is also
You could simply scp these few files afther the rsync. There's files
aren't that large.
-- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/FreeBSD/ _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "firstname.lastname@example.org"