User: Password:
|
|
Subscribe / Log in / New account

Why am I seeing a security exploit?

Why am I seeing a security exploit?

Posted Apr 3, 2013 20:26 UTC (Wed) by bronson (subscriber, #4806)
In reply to: Why am I seeing a security exploit? by jmorris42
Parent article: Widening ext4's readdir() cookie

The odds of a random 64 bit collision are worse than 10^18. Since you'll win the lottery thousands of times before that happens, you'll be too rich to care about two gobbledlygook filenames colliding. (But then, you've probably also been fried by lightning and crushed twice by the International Space Station...)

More seriously, there are other sources of error in your computer that are far more worthy of your attention: http://en.wikipedia.org/wiki/Soft_error

It's true that all bets are off if an attacker can break the hash. But, if/when that happens, the fix will probably be a straightforward kernel patch.


(Log in to post comments)

Why am I seeing a security exploit?

Posted Apr 4, 2013 16:20 UTC (Thu) by jimparis (subscriber, #38647) [Link]

The odds of two hashes colliding may be 1 in 10^18, but this grows with the number of files. With 60,000 files it's 1 in 10^10. Make up a use case where you're frequently creating or recreating directories with that many files, and it's not far fetched to expect someone to run into a collision pretty soon.

(numbers from http://preshing.com/20110504/hash-collision-probabilities)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds