Giorgos Keramidas wrote: > There is one difference between ``looking for collisions'' and being > bitten by undetected collisions though. True. But if the best known collision-finding algorithm takes f(p) operations in order to achieve a probability p of having found a collision, and you've performed less than f(p) operations, then either the chance of you being bitten by an undetected collision is less than p, or you've managed to improve upon the best-known collision-finding algorithm. For f(p) = 2^80 * sqrt(p), none of us are ever going to perform enough operations to make the chance of stumbling across a collision by accident a significant risk. Colin Percival _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"