On Wednesday 10 September 2003 08:15 pm, Nick Tarleton wrote:
> On Wednesday 10 September 2003 05:26 pm, [EMAIL PROTECTED] wrote:
> > On Wed, 10 Sep 2003 13:53:49 -0700
> > =?iso-8859-1?Q?J=E9r=F4me_ou_Sally_Bonnet?=
> >
> > <[EMAIL PROTECTED]> wrote:
> > >Is it possible to design a program that creates a file that matches
> > >a specific CHK, so that it would be possible to prevent users from
> > >accessing a specific file by injecting the colliding file in the
> > >network before the target file becomes too popular?
> >
> > Yes, it is possible. But it is computationally very hard. For any given
> > CHK there are an infinite number of files that yield that CHK after
> > insertion. The problem is finding one of them.
>
> To quibble, for files of a size of N bits, the number of files matching a
> given SHA1 hash is going to be around (2^N)/(2^160). A pretty large number,
> but a very tiny fraction of N.
>
> All right, I just had to show off my m47h skillz...
Hmm. This can't be right; at some point this would be greater than N.
No matter what, it'd be very hard to calculate a file for a given CHK,
especially given that the size of the file is also part of the key.
BTW, what prevents someone from lying about a CHK, because the data is
encrypted after hashing? Couldn't you insert 16K of NULLs and claim that
their CHK is that of a real site? I'm sure this was seen and stopped in some
way I don't understand; would anyone be so kind as to share that?
--
"I love deadlines. I love the whooshing sound they make as they go by."
- Douglas Adams
Nick Tarleton - [EMAIL PROTECTED] - PGP key available
_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
