Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory

From: "Seth Breidbart" <sethb () panix com>
Date: Tue, 12 Aug 2008 16:44:50 -0500 ( )
On Fri, August 8, 2008 8:37 pm, Forrest J. Cavalier III wrote:

Eric Rescorla wrote:


To be concrete, we have 2^15 distinct keys, so, the
probability of a false positive becomes (2^15)/(2^b)=2^(b-15).
To get that probability below 1 billion, b+15 >= 30, so
you need about 45 bits. I chose 64 because it seemed to me
that a false positive probability of 2^{-48} or so was better.



Since it's a known set, I think you can use perfect hashing.
There will still be false positives,


Since we don't care _which_ bad key it is, wouldn't
as-imperfect-as-possible hashing be better, by minimizing false positives?

Seth


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: