compare-by-hash (was Re: sharing /etc/passwd)
Colin Percival
cperciva at wadham.ox.ac.uk
Mon Sep 27 07:13:58 PDT 2004
Giorgos Keramidas wrote:
> Increasing the number of bits the hash key uses will decrease the
> possibility of a collision but never eliminate it entirely, AFAICT.
How small does a chance of error need to be before you're willing to
ignore it?
> What I pointed out was that when a non-zero possibility of two data
> blocks comparing as equal (even though they are no) exists, the method
> in question should not be used for password data or other sensitive bits
> of information. A larger hash key will never yield a possibility of
> zero, so it doesn't mean that you can sleep untroubled at night while
> the rsync server overwrites /etc/*pwd.db files periodically.
If an appropriately strong hash is used (eg, SHA1), then the probability
of obtaining an incorrect /etc/*pwd.db with a correct hash is much
smaller than the probability of a random incorrect password being
accepted. Remember, passwords are stored by their MD5 hashes, so a
random password has a 2^(-128) chance of working.
If, on the other hand, you're concerned about accidentally locking
yourself out of the server as a result of an undetected mangling of the
password database... you should be more worried about the server, and
all your backups, being simultaneously hit by lightning. :-)
Colin Percival
More information about the freebsd-security
mailing list