Berkeley CSUA MOTD:Entry 53917
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/12 [General] UID:1000 Activity:popular
7/12    

2010/8/9-19 [Computer/SW/Security] UID:53917 Activity:nil
8/9     I got two files, one is size 522190848 and the other is size
        521648128.  Both sha256 to the same number.  (and sha1 too).
        I don't think this is supposed to happen, right? (least not with
        sha256).
        \_ how are you checking?
           \_ I burned one file to cd, so i mounted /cdrom and
              df --block-size=1 /cdrom (=521648128)
              then i re dl'ed the iso and checked the size: 522190848
              both sha256's of iso and /dev/hdc yield the same.
              I have done this type of check on other isos and they yield
              the same sha[1,256] and size on both.  Just this one is weird.
              \_ I don't think df is giving you the number you want.
                 Try "wc -c /dev/hdc".
        \_ hash collisions can (and rarely do) happen.  You're deriving a
           number consisting of some hundreds of bits from data with millions.
           The idea behind the hashing algorithm is that it is hard to get
           collisions on purpose, and rare with small changes i.e. bit error or
           tampering.
           \_ I don't think an SHA-256 collision has ever happened by accident.
              If you have two different files, the probability that they have
              the same SHA-256 hash by chance is 2^-256; that's less than the
              chance that in the one second after you hit Enter to calculate
              the hashes, your computer is obliterated by three separate
              meteorites independently.  It could happen, but it's not very
              likely.
2025/07/12 [General] UID:1000 Activity:popular
7/12    

You may also be interested in these entries...
2004/9/18-20 [Computer/HW/Drives, Recreation/Media] UID:33614 Activity:high 54%like:33810
9/17    Anyone have plans to buy the Star Wars DVDs?
        \_ What's the point? Hasn't everyone already seen the trilogy
           ad naseum for the past 25 years already? Is it really worth
           your time and money to see an addition 10 seconds of modified
           footage? Isn't it time to shelve the action figures and get a
           life?
	...
2004/4/10-12 [Computer/SW/Languages/Perl] UID:13129 Activity:nil
4/10    In perl, can I make the program more portable by first checking if
        a module is available, then "use" or "require" it later?
        \_ I think you can do this with an exec call.  Checking.
           no.  i think i was thinking of using an eval block, but i
           can't quite get it to work.
        \_ You can set up a variables using single quoted strings with
	...
2004/2/29-3/1 [Computer/SW/Security] UID:12457 Activity:nil
2/29    Anyone here have access to an openbsd machine? I'd like to know if
        their implementation of s/key is broken for SHA-1 and RIPEMD-160
        (at least, it's broken in Yuri Yudin's port of openbsd s/key).
        From RFC 2289, running 'skey -sha1 99 correct' and using
        "OTP's are good" as the passphrase should give
        "AURA ALOE HURL WING BERG WAIT". If someone can try that, I'd
	...
2004/3/1 [Computer/SW/OS/FreeBSD] UID:12462 Activity:nil
2/29    \_ s/key on my OpenBSD 3.3 system produces the following output:
           sha1:   AURA ALOE HURL WING BERG WAIT
           rmd160: ONCE FRAY EROS JADE GINA ONE
           --ranga
           \_ thanks!
	...
2003/8/29-30 [Computer/SW/Security] UID:10013 Activity:nil
8/29    How does ssh generate the fingerprint for the rsa public key?
        When I echo <pubkey from ssh_host_rsa_key.pub> | openssl sha1
        I get a different fingerprint than what ssh shows me, but when
        I look at the actual key they are the same.
        \_ umm, you know doing that sums the string 'pubkey', and not
           your actual key right?
	...
2003/3/12-13 [Computer/SW/Security] UID:27668 Activity:very high
3/12    Call me paranoid.  How likely is it for someone to decode traffic
        sent to/from an ssh connection?  The encryption is done end-to-end,
        so if the govt is getting a copy of every packet between two boxes
        is it possible for them to crack it?  I'm not a technical guy BTW,
        I just know the high level functionality of these things.
        \_ If they really REALLY care and are willing to wait a couple of
	...
2002/3/23-24 [Computer/SW/SpamAssassin] UID:24207 Activity:very high
3/22    Anyone know what the [.*] field in the subject of lots of spam
                             \- can you post an example of what you mean here?
        mail is for?  Some sort of tracking, I assume, but what do they
        do with it?
        \_ One goal is to prevent you from using a checksum system to make
           a useful collaborative database of spam in order to block it.  (If
	...