Subject: Re: RelCache (aka ELF prebinding) news
To: None <junyoung@netbsd.org>
From: M. Warner Losh <imp@bsdimp.com>
List: tech-userlevel
Date: 12/04/2002 02:04:12
In message: <20021203170441.GA1002@krishna>
Bang Jun-Young <junyoung@netbsd.org> writes:
: On Tue, Dec 03, 2002 at 10:32:31AM -0500, Thor Lancelot Simon wrote:
: > However, with no way to characterize how often CRC will actually collide
: > under those constraints, I'm still left doing a lot of guessing. From a
: > pragmatic point of view, it seems reasonable to use both a 32-bit CRC
: > and a 32-bit sum computed using a completely different method, plus the
: > metadata. We can't _really_ say how often there will be collisions, but
: > I'd bet you an awful lot of money that you won't see one this decade.
:
: Okay, I decided to use CRC32 and Adler32 together. I believe there will be
: no more objections to that, unless someone proved that two different
: files could have the same CRC32 and the same Adler32 sum. ;-)
:
: (Idea of using metadata was dropped, since no one could get the same
: value from the same file after it's moved back and forth).
Much of this discussion has focused on 'are these two random files the
same' but not on 'the attacker can add arbitrary data to make them the
same' Two different functions help that, but don't eliminate the
possibility completely.
Warner