war story: parallel(1) command

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Tue Jul 30 19:25:43 UTC 2013


On Tue, Jul 30, 2013 at 01:40:34PM -0400, D. Hugh Redelmeier wrote:
> Oh, but it does.  In just the way that Eric pointed out.
> 
> People will have created files with MD5 collisions to demonstrate the
> problem.  Those files *might* end up in your filesystem for some
> reason.

Do you KNOW what a collision is?  All it is, is that they managed to
create a file that has the same checksum as another file that they had.
Being able to create a file with a specific checksum is very interesting,
if the only check of a file's integrity is the checksum.  The idea
of a good hash function of course is that you are not supposed to be
able to create a file to get a specific checksum, and the fact this has
been done in the case of md5 means that it is no longer good enough for
ensuring a file hasn't been tampered with.  It is still perfectly fine
for detecting if files are likely the same and whether they are likely
to have been changed.

If you are using checksums as part of a file comparison, then all having
two files with the same checksum and size means, is that those files
are worth bothering to compare to see if they are in fact identical.

> I know it sounds far fetched.  How about a 1 in a 1000th chance: after
> all, those files are interesting and are news.  That's way more likely
> than an md5 collision if the flaw hadn't been discovered.

The pair of files are interesting for being different yet having the
same md5 sum.  Individually the files are not interesting.  Having one of
the files around by itself isn't interesting either and causes no issue.

> So human discoveries can cause problems without there actually being
> an adversary.
> 
> A cute example from Eric.
> 
> | > To be safe, use a stronger hash.
> | 
> | To be _safer_, not _safe_.
> 
> Right.  But at some point we tend to use the simpler concept of
> "safe".  And then get surprised.  Like: driving in a car is safe.
> 
> Most cryptographic hashes are (currently) safe, in every-day use of
> the term, as far as we know.

-- 
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
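
The screening step described in the message above (equal size and checksum only nominates files for a byte-for-byte comparison), as an added Python example that is not part of the original thread. The names md5_of, find_duplicates and demo are illustrative, the sample files are constructed, and a constant digest stands in for a colliding pair.

```python
import filecmp
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path


def md5_of(path, chunk=1 << 20):
    """Stream a file through MD5; used only as a cheap pre-filter."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_duplicates(paths, digest=md5_of):
    """Return groups of paths whose contents are byte-for-byte identical."""
    # Same size and checksum only means "worth comparing".
    candidates = defaultdict(list)
    for p in paths:
        candidates[(Path(p).stat().st_size, digest(p))].append(p)
    # Confirm with a full read, so colliding files land in separate groups.
    confirmed = []
    for bucket in candidates.values():
        groups = []
        for p in bucket:
            for g in groups:
                if filecmp.cmp(g[0], p, shallow=False):
                    g.append(p)
                    break
            else:
                groups.append([p])
        confirmed.extend(g for g in groups if len(g) > 1)
    return confirmed


def demo():
    """Constructed files: a == b; c is same-size but different. Constant digest = forced collision."""
    bodies = {"a": b"hello world\n", "b": b"hello world\n", "c": b"HELLO WORLD\n"}
    with tempfile.TemporaryDirectory() as d:
        paths = [Path(d) / n for n in bodies]
        for p in paths:
            p.write_bytes(bodies[p.name])
        runs = find_duplicates(paths), find_duplicates(paths, digest=lambda p: "x")
        return [[[p.name for p in g] for g in r] for r in runs]


if __name__ == "__main__":
    print(demo())
```

Both runs report only a and b as duplicates: with the forced collision, c lands in the same candidate bucket but is rejected by the byte comparison.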




