On Mon, May 20, 2002 at 09:35:44AM +0100, Matt Sergeant wrote:
> Michael Stenner wrote:
> > On Fri, May 17, 2002 at 04:15:34PM -0400, Theo Van Dinter wrote:
> >>I would be extremely surprised if two people report different messages
> >>that result in the same hash. Although completely possible, it's also
> >>very very unlikely.
> >
> > [ this is a rough order-of-magnitude calculation only. If you're
> > deliberately attacking the DB, you can do slightly better, but I just
> > wanted to make it clear, that neither accidents nor spammers are
> > likely to pose a serious problem ]
>
> Unfortunately that's not strictly true.
>
> You could very easily poison the database using short english phrases. I
> see an awful lot of emails that just contain single words, such as:
> "Hello???" or "How did it go?" etc. Generating things like that using a
> Markov Chain system wouldn't be terribly hard.
1) the razor people are taking steps to deal with this problem.
2) the point you raise has absolutely nothing to do with hashes.
You're pointing out that two messages have the same hash if they
are the same message. Note that Theo's original message says
"different messages that result in the same hash".
Completely getting rid of the hash step (and storing entire
messages in the db) would have no effect, except to take up space
and slow things down.
Basically, I agree with you, but it's a different issue and one that
the razor people are addressing.
-Michael
--
Michael Stenner Office Phone: 919-660-2513
Duke University, Dept. of Physics [EMAIL PROTECTED]
Box 90305, Durham N.C. 27708-0305
_______________________________________________________________
Hundreds of nodes, one monster rendering program.
Now that's a super model! Visit http://clustering.foundries.sf.net/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
