|
Full Disclosure
mailing list archives
Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
From: "Forrest J. Cavalier III" <mibsoft () mibsoftware com>
Date: Fri, 08 Aug 2008 21:37:44 -0400
Eric Rescorla wrote:
To be concrete, we have 2^15 distinct keys, so, the
probability of a false positive becomes (2^15)/(2^b)=2^(b-15).
To get that probability below 1 billion, b+15 >= 30, so
you need about 45 bits. I chose 64 because it seemed to me
that a false positive probability of 2^{-48} or so was better.
-Ekr
Since it's a known set, I think you can use perfect hashing.
There will still be false positives, but presumably no
"bad" keys, nor keys matching the hash everyone agrees on,
are going to be issued after today, right?
Yeah, right.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Clausen, Martin (DK - Copenhagen) (Aug 12)
|
