
Re: Accepted openssh 1:4.7p1-9 (source all i386)



Joey Hess <joeyh@debian.org> writes:
> Russ Allbery wrote:

>> Do we have a feel for how astronomically unlucky you have to get?  If
>> it's really astronomical, it's probably not worth worrying about.  (My
>> general rule of thumb on that sort of thing is that if the chances of a
>> collision are lower than the chances of hardware failure during the
>> course of the operation, it's probably not worth taking any special
>> safeguards.)

> By that line of thinking, ssh-keygen shouldn't bother checking its
> system calls either. Probability of system call failure is roughly
> equal to the probability of hardware failure.

You're comparing a false positive to a false negative, and I think that
changes the situation considerably.  What I said above was only intended
to apply to cases where something will fail when it's not actually a
problem, as opposed to cases where a failure will go silently undetected
and possibly result in data corruption.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

