full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] OpenID/Debian PRNG/DNS

Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory

From: Seth Breidbart <sethb_at_nospam>
Date: Tue Aug 12 2008 - 21:44:50 GMT
To: "Forrest J. Cavalier III" <mibsoft@mibsoftware.com>


On Fri, August 8, 2008 8:37 pm, Forrest J. Cavalier III wrote: > Eric Rescorla wrote: >>
>> To be concrete, we have 2^15 distinct keys, so, the
>> probability of a false positive becomes (2^15)/(2^b)=2^(b-15).
>> To get that probability below 1 billion, b+15 >= 30, so
>> you need about 45 bits. I chose 64 because it seemed to me
>> that a false positive probability of 2^{-48} or so was better.

> Since it's a known set, I think you can use perfect hashing. > There will still be false positives,

Since we don't care _which_ bad key it is, wouldn't as-imperfect-as-possible hashing be better, by minimizing false positives?

Seth



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/