On Tue, Sep 28, 2004 at 12:05:51PM +0300, Giorgos Keramidas wrote: > On 2004-09-27 07:13, Colin Percival <cperciva@wadham.ox.ac.uk> wrote: > > Giorgos Keramidas wrote: > > >Increasing the number of bits the hash key uses will decrease the > > >possibility of a collision but never eliminate it entirely, AFAICT. > > > > How small does a chance of error need to be before you're willing to > > ignore it? > > That's a good question. I'm not sure I have a definitive answer, but > the possibility of a collision is indeed scary. Especially since I > haven't seen a study of the real probability of a collition is, given > the fact that passwords aren't (normally) random binary data but a > much smaller subset of the universe being hashed. I could be wrong but arn't hash values more random dan anything a user can in put. > > If an appropriately strong hash is used (eg, SHA1), then the probability > > of obtaining an incorrect /etc/*pwd.db with a correct hash is much > > smaller than the probability of a random incorrect password being > > accepted. Remember, passwords are stored by their MD5 hashes, so a > > random password has a 2^(-128) chance of working. > > I was probably being unreasonably paranoid about 'modified' passwords > that don't get detected as modified, but what you describe is also > true. You could simply scp these few files afther the rsync. There's files aren't that large. -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/FreeBSD/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"