Re: Accepted openssh 1:4.7p1-9 (source all i386)
Joey Hess <joeyh@debian.org> writes:
> Russ Allbery wrote:
>> Do we have a feel for how astronomically unlucky you have to get? If
>> it's really astronomical, it's probably not worth worrying about. (My
>> general rule of thumb on that sort of thing is that if the chances of a
>> collision are lower than the chances of hardware failure during the
>> course of the operation, it's probably not worth taking any special
>> safeguards.)
> By that line of thinking, ssh-keygen shouldn't bother checking its
> system calls either. Probability of system call failure is roughly
> equal to the probability of hardware failure.
You're comparing a false positive to a false negative, and I think that
changes the situation considerably. What I said above was only intended
to apply to cases where something will fail when it's not actually a
problem, as opposed to cases where a failure will go silently undetected
and possibly result in data corruption.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>