From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <2e8cfe0de708d27fe4d3499c44291e52@felloff.net> Date: Mon, 27 Feb 2017 21:05:39 +0100 From: cinap_lenrek@felloff.net To: 9fans@9fans.net In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] SHA-1 collision and venti Topicbox-Message-UUID: b5ecd960-ead9-11e9-9d60-3106f5b1d025 couldnt you apply encryption before hashing? so to mount a collision attack you'd also need to know the encryption key used by the underlying storatge system (fossil, vac). so you dont just keep the the network address of your venti server but also the encryption key. just make it part of the dial string or something... -- cinap