war story: parallel(1) command

D. Hugh Redelmeier hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Tue Jul 30 17:40:34 UTC 2013


| From: Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org>
| 
| On Tue, Jul 30, 2013 at 12:33:28AM -0400, Eric B wrote:

| > One would think that MD5 is good enough,
| > but because it is cryptographically broken, you could find collisions
| > that were legitimately generated and not adversarial.
| > For example, you might unpack something related to hashes, and it
| > contains examples of two different files with duplicate MD5 hashes.
| 
| Well no.  Because flaws have been found, adversarial collisions are
| apparently possible.  That doesn't really affect the likelihood of you
| accidentally finding two files with a collision.

Oh, but it does.  In just the way that Eric pointed out.

People will have created files with MD5 collisions to demonstrate the
problem.  Those files *might* end up in your filesystem for some
reason.

I know it sounds far-fetched.  How about a 1 in a 1000th chance: after
all, those files are interesting and are news.  That's way more likely
than an md5 collision if the flaw hadn't been discovered.

So human discoveries can cause problems without there actually being
an adversary.

A cute example from Eric.

| > To be safe, use a stronger hash.
| 
| To be _safer_, not _safe_.

Right.  But at some point we tend to use the simpler concept of
"safe".  And then get surprised.  Like: driving in a car is safe.

Most cryptographic hashes are (currently) safe, in every-day use of
the term, as far as we know.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
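
Added example (not part of the original message or thread): the exchange
above turns on whether a hash match can be trusted when files with known
collisions may be sitting on disk. In this sketch a duplicate finder lets
the digest only nominate candidates and confirms each with a byte
comparison. weak_digest and the sample files are constructed to force
collisions.

```python
import filecmp
import hashlib
import os
import tempfile
from collections import defaultdict

def file_digest(path, algo="sha256", chunk=1 << 16):
    """Hash a file in chunks so large files are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def weak_digest(path):
    """Constructed stand-in for a broken hash: one hex digit of MD5."""
    return file_digest(path, "md5")[:1]

def find_duplicates(paths, digest=file_digest):
    """Group paths with identical contents; the digest only nominates."""
    buckets = defaultdict(list)
    for p in paths:
        buckets[digest(p)].append(p)
    groups = []
    for candidates in buckets.values():
        classes = []  # each entry holds paths already proven byte-identical
        for p in candidates:
            match = next((c for c in classes
                          if filecmp.cmp(c[0], p, shallow=False)), None)
            if match is None:
                classes.append([p])
            else:
                match.append(p)
        groups.extend(sorted(c) for c in classes if len(c) > 1)
    return sorted(groups)

def demo(digest=weak_digest):
    """Constructed sample: 40 distinct files plus one true copy of f07."""
    with tempfile.TemporaryDirectory() as d:
        contents = {f"f{i:02d}": b"file %d" % i for i in range(40)}
        contents["copy"] = contents["f07"]
        for name, data in contents.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        paths = [os.path.join(d, n) for n in contents]
        found = find_duplicates(paths, digest)
        return [[os.path.basename(p) for p in g] for g in found]
```

With 41 files and only 16 possible weak_digest values, many distinct
files share a digest, yet only the true copy is reported.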




