How did the parent get moderated "Informative"?!? There are 20 potential moves in the first iteration for chess, and exactly 361 (19*19) for Go. There are around 10^120 possible chess games, and around 10^760 possible Go games. That's why the million-dollar prize for the first program to beat a 1-dan Go player is still not taken.
SHA-1 breaks data into 512-bit blocks and processes each block independently - then it adds the result to 5 registers and processes the next block. If you wished to silently change some important piece of data using the state-saving technique, you'd have to find a pad within the same 512-bit block and modify it in such a way to get the same output state as the original unmodified block.
Not necessarily. I can modify the last block to compensate for the change I made in the middle - so that the final hash would remain unchanged. Nobody cares about intermediate states - it's the final result that counts.
The state-saving technique just reduces the size of data that needs to be processed - one block for each of 2^512 input variants instead of the whole ISO image (around 13000000 blocks).
512 = 2^9, which is very much smaller than the 2^160 bits that must exactly match, so the probability of success using this technique is infinitesimal. Put another way, the cryptographer reviewers probably thought about this initially and quickly ruled it out.
SHA-1 produces 160-bit hashes, that's 2^160 possible hashes. By changing just the last 512-bit block of the text I can generate 2^512 different inputs for SHA-1 with a big chance of finding one that gives the result I need. Calculating 2^512 hashes is still a time-consuming task though.
Let's say I have an ISO disk image. I hack it, and want to modify some of the 'junk' bits using their algorithm. I'd still need to perform 590295810358705651712 hash operations on that image. Computing the hash of a disc is a slow operation. That's not something I could do in a day, week, or even a few months. Perhaps if I had a massively parallel computer available, I could do it, but not as an individual.
No need to compute the hash of a whole disc. You can calculate the internal state of SHA-1 after processing the whole image except - let's say - the last kilobyte (you do it ONCE) and find a collision by modifying only this last kilobyte with a great chance of succeeding. There are 2^8192 variants of the last kilobyte, but only 2^160 variants of the hash - that's why you'll probably succeed.
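The state-saving idea argued over in the SHA-1 exchange above, as an added example that is not part of the original comments: hashlib's copy() resumes SHA-1 from the five registers saved after the image's prefix, so each candidate tail costs one kilobyte of hashing instead of the whole image, and the search loop measures how many candidates it takes before the first few bits of the digest match the unmodified image. The "image" and its 1 KB junk tail are constructed stand-ins, not a real ISO.

```python
import hashlib
import struct

BLOCK_BYTES = 64  # SHA-1 processes 512-bit (64-byte) blocks

# Constructed stand-in for an ISO image: 256 blocks of filler plus a 1 KB "junk" tail.
TAIL_LEN = 1024
IMAGE = bytes(range(256)) * 64 + b"JUNK PADDING AREA ".ljust(TAIL_LEN, b"\x00")


def full_digest(image: bytes) -> bytes:
    """Hash the whole image from scratch (the slow path the comments discuss)."""
    return hashlib.sha1(image).digest()


def saved_state(image: bytes, tail_len: int):
    """Hash every block except the tail ONCE; the returned hashlib object holds
    SHA-1's five 32-bit registers after the prefix and can be cloned with copy()."""
    return hashlib.sha1(image[:-tail_len])


def digest_with_tail(saved, tail: bytes) -> bytes:
    """Resume from the saved registers and process only the tail. Keeping the
    tail the same length keeps SHA-1's final length padding identical too."""
    h = saved.copy()
    h.update(tail)
    return h.digest()


def blocks_per_trial(image: bytes, tail_len: int) -> tuple:
    """Blocks hashed per candidate tail: (full rehash, state-saving)."""
    return -(-len(image) // BLOCK_BYTES), -(-tail_len // BLOCK_BYTES)


def trials_to_match(image: bytes, tail_len: int, bits: int, max_trials: int):
    """Vary only the tail (counter-based, so the run is deterministic) until the
    first `bits` bits of the digest equal those of the unmodified image.
    Returns the number of trials used, or None if max_trials is exhausted.
    The expected count is about 2**bits: saving the state makes each trial cheap
    but does not change how many trials a given number of matching bits needs."""
    target = full_digest(image)
    saved = saved_state(image, tail_len)
    mask_bytes = -(-bits // 8)
    shift = mask_bytes * 8 - bits
    want = int.from_bytes(target[:mask_bytes], "big") >> shift
    for i in range(1, max_trials + 1):
        tail = struct.pack(">Q", i).ljust(tail_len, b"\x00")
        d = digest_with_tail(saved, tail)
        if int.from_bytes(d[:mask_bytes], "big") >> shift == want:
            return i
    return None
```

Matching 12 bits takes a few thousand trials here; every extra bit of digest that must agree doubles that, which is the 2^160 figure the other commenter is pointing at.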
That's easy. One could easily cross-subscribe lists mentioned in this story to the others (they don't bother to verify requests), generating a flood which will possibly make their servers unresponsive. BTW, real subscribers would get tons of e-mails they have never seen. I wonder what impact such a tsunami would have on the net...
I don't want to get used to sendmail's configuration syntax. I don't want to keep one thing untouched while editing another thing and regenerating one from the other. This is silly. I've got better things to do.
As of October 2001, 717000 SMTP servers used qmail. Read Dan's surveys. Qmail is the second Unix MTA on the Internet. Don't you think this (17%) IS a reasonable percentage? Read the Red Hat case somewhere on cr.yp.to. I've also switched from sendmail (installed by default on my distro) to qmail, and observed a great performance gain.
What is Dan's license? You can download, compile, and run his software for free. What else do you need?
I agree in one point: we all have the choice.
I've read qmail's sources. I believe it's secure. There were NO security holes found in qmail.
One more thing: it's quite possible you'll never need to contact qmail-users list (or read Life with Qmail). Qmail is extremely easy to set up. And once it's up, you simply don't need to upgrade it. It just goes and goes...
A security hole is a bug, right? BIND is buggy.
Come on! Open your mind! Apache is ok but both Sendmail and BIND are evil. Sendmail is buggy and slow. Sendmail is full of security holes.
BIND, in turn, is buggy and slow. BIND is full of security holes.
They've both been like that since the very beginning. Dan's alternatives are fast, secure, and easy to set up. That's why the qmail version of the Bat Book would have 50 pages :) There is a mailing list for both djbdns and qmail, where you can get help for any problem you encounter.
I don't believe in "complete rewrites". Read the ChangeLogs. There are lots of BIG bugs in BIND 9. Or even better - look from Dan's point of view.
'Nettverkskort' is self-explanatory.
Try to guess what is 'innebygde'!
Oh, let's just force them to change name to GNU/SCO and we'll forget about the whole mess.
I've got a new sig. Thanks!
The guy's name is Komsta, not Komasta... Do we have a fix-my-spelling pill?