From: Robert Raschke <rrplan9@tombob.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] thoughs about venti+fossil
Date: Thu, 6 Mar 2008 17:09:10 +0000 [thread overview]
Message-ID: <6fd1d56822dbcdd02ffbdd873fc1a838@tombob.com> (raw)
In-Reply-To: <68a46edfa8e40c2fc74da101e3dbe24b@terzarima.net>
Hi,
as far as I understand, there was recently a finding that SHA1 (or
MD5, can't remember off the top of my head) is potentially unsafe to
be used as a SIGNATURE of a document. This is because somebody
managed to CONSTRUCT a text that ended up getting the same hash as
another (this is apparently not the easiest thing to do either). And
that leads to potential falsification of data while still having a
supposedly valid signature.
This is completely different to what venti uses hashes for, where the
hash is computed on REAL (not constructed) data blocks for indexing
purposes. If you manage to go out of your way and construct a block
that ends up clashing with an existing hash index, it doesn't matter,
because you won't break the existing data with it!
I get the impression that the former clouds the understanding of the
latter.
Robby
next prev parent reply other threads:[~2008-03-06 17:09 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-05 4:00 Enrico Weigelt
2008-03-05 4:11 ` Roman Shaposhnik
2008-03-05 4:43 ` erik quanstrom
2008-03-05 5:09 ` Roman Shaposhnik
2008-03-05 5:52 ` Enrico Weigelt
2008-03-05 6:24 ` geoff
2008-03-05 6:35 ` Taj Khattra
[not found] ` <7f575fa27b41329b9ae24f40e6e5a3cd@plan9.bell-labs.com>
2008-03-06 4:04 ` Enrico Weigelt
2008-03-06 4:13 ` Bruce Ellis
2008-03-06 4:15 ` andrey mirtchovski
2008-03-06 4:31 ` Bruce Ellis
2008-03-06 6:16 ` Enrico Weigelt
2008-03-06 18:50 ` ron minnich
2008-03-06 19:43 ` Charles Forsyth
2008-03-06 19:45 ` Paul Lalonde
2008-03-06 20:18 ` Bruce Ellis
2008-03-06 21:39 ` Paul Lalonde
2008-03-08 9:06 ` Enrico Weigelt
2008-03-06 22:10 ` Martin Harriss
2008-03-06 6:40 ` Enrico Weigelt
2008-03-06 14:35 ` erik quanstrom
2008-03-06 14:58 ` Tom Lieber
2008-03-06 15:09 ` Charles Forsyth
2008-03-06 17:09 ` Robert Raschke [this message]
2008-03-10 10:19 ` sqweek
2008-03-10 12:29 ` Gorka Guardiola
2008-03-10 13:20 ` erik quanstrom
2008-03-10 19:00 ` Wes Kussmaul
2008-03-10 19:27 ` erik quanstrom
2008-03-10 20:55 ` Bakul Shah
2008-03-11 2:04 ` Wes Kussmaul
2008-03-11 2:10 ` erik quanstrom
2008-03-11 6:03 ` Bruce Ellis
2008-03-10 16:18 ` Russ Cox
2008-03-10 18:06 ` Bruce Ellis
2008-03-10 18:31 ` Eric Van Hensbergen
2008-03-10 18:40 ` Bruce Ellis
2008-03-10 18:46 ` Geoffrey Avila
2008-03-10 20:28 ` Charles Forsyth
2008-03-10 21:35 ` Charles Forsyth
2008-03-06 9:54 ` Wilhelm B. Kloke
2008-03-08 9:37 ` Enrico Weigelt
2008-03-08 9:57 ` Bruce Ellis
2008-03-08 10:46 ` Charles Forsyth
2008-03-08 15:37 ` erik quanstrom
2008-03-06 4:40 ` cummij
2008-03-06 5:15 ` Bruce Ellis
2008-03-06 5:40 ` Uriel
2008-03-06 5:55 ` Bruce Ellis
2008-03-11 18:34 ` Uriel
2008-03-06 12:26 ` erik quanstrom
2008-03-05 5:04 ` geoff
2008-03-05 8:43 ` Charles Forsyth
2008-03-05 9:05 ` Gorka Guardiola
2008-03-05 14:33 ` Russ Cox
2008-03-06 12:39 ` Enrico Weigelt
2008-03-06 16:58 ` Russ Cox
2008-03-06 18:16 ` andrey mirtchovski
[not found] ` <a553f487750f88281db1cce3378577c7@terzarima.net>
2008-03-06 5:38 ` Enrico Weigelt
2008-03-06 9:44 ` Joel C. Salomon
2008-03-05 14:03 erik quanstrom
2008-03-05 16:00 ` Russ Cox
2008-03-06 19:09 Brian L. Stuart
2008-03-06 19:50 ` Charles Forsyth
2015-04-21 18:30 hruodr
2015-04-21 19:46 ` Russ Cox
2015-04-23 7:21 hruodr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6fd1d56822dbcdd02ffbdd873fc1a838@tombob.com \
--to=rrplan9@tombob.com \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).