> Sorry, this is all bunk. You shouldn't be worried about > an accidental collision. You should be worried about > an intentional collision. Especially if your filesystem > stores data that is under the attackers control such as > email messages, web page caches, etc. So what you need > to analyze isn't how often an accidental collision happens > but how hard it is to create an intentional collision. > All the popular hash algorithms have been losing ground to > attackers lately.
can you make this a little more concrete? i'm having trouble understanding how a email that an attacker controls is a problem. assuming the attacker can predict the headers add well enough, this implies that the attacker, given access to your venti, can retrieve an email said attacker sent. where's the problem? i don't see it yet. - erik
