Nick Tarleton wrote:
On Wednesday 10 September 2003 08:15 pm, Nick Tarleton wrote:
On Wednesday 10 September 2003 05:26 pm, [EMAIL PROTECTED] wrote:
On Wed, 10 Sep 2003 13:53:49 -0700 =?iso-8859-1?Q?J=E9r=F4me_ou_Sally_Bonnet?=
<[EMAIL PROTECTED]> wrote:
Is it possible to design a program that creates a file that matches a specific CHK, so that it would be possible to prevent users from accessing a specific file by injecting the colliding file in the network before the target file becomes too popular?
Yes, it is possible. But it is computationally very hard. For any given CHK there are an infinite number of files that yield that CHK after insertion. The problem is finding one of them.
To quibble, for files of a size of N bits, the number of files matching a given SHA1 hash is going to be around (2^N)/(2^160). A pretty large number, but a very tiny fraction of N.
All right, I just had to show off my m47h skillz...
Hmm. This can't be right; at some point this would be greater than N.
Yeah, I'm not sure this logic is getting anywhere. Lets say I want to block a particular y bit file (y < 160) with CHK x. If you start trying to find a file with CHK x by looking at all possible files, then of course you'll find the file in just 2^y tries, since you'll have stumbled across the actual file! But that's no use to use, since you need a _different_ file than the one you're trying to block. So you've gotta keep looking, and that'll probably take 2^159 tries as was said earlier.
I just made all this up so maybe I'm wrong, but it makes sense to me. :-)
No matter what, it'd be very hard to calculate a file for a given CHK, especially given that the size of the file is also part of the key.
BTW, what prevents someone from lying about a CHK, because the data is encrypted after hashing? Couldn't you insert 16K of NULLs and claim that their CHK is that of a real site? I'm sure this was seen and stopped in some way I don't understand; would anyone be so kind as to share that?
_______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
