>Do you need assurances that in the next 5 seconds a meteorite won't fall
>to Earth and crush you? No. And yet, the Earth puts on thousands of tons
>of weight each year from meteoric bombardment and people have been hit
>and killed by them (not to speak of mass extinction events). Nobody has
>ever demonstrated of being able to produce a hash collision in any
>suitably long hash (128-bits plus) using a random search. All hash
>collisions have been found by attacking the weaknesses in the
>mathematical definition of these functions (i.e. some part of the input
>didn't get obfuscated well in the hash function machinery and spilled
>over into the result, resulting in a slight, but usable non-randomness).
The reason why we don't protect against such event because it would
be extremely expensive with a very small chance of it being needed.
"verify" doesn't cost much so even if the risk as infinitesimal as a
direct meteorite hit, it may still be cost effective.
(Just like we'd better be off preparing for the climate changing (rather
cheap) rather then trying to keep the climate from changing (impossible
and still extremely expensive)
zfs-discuss mailing list