From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bakul Shah Content-Type: multipart/alternative; boundary=Apple-Mail-6A28A2D7-2A22-4426-8950-8B29F558BD77 Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (1.0) Date: Sun, 26 Feb 2017 10:48:19 -0800 Message-Id: References: <8D987F97-4760-4243-A9E7-F2F3BA9C63E3@bitblocks.com> In-Reply-To: To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Subject: Re: [9fans] SHA-1 collision and venti Topicbox-Message-UUID: b5872b92-ead9-11e9-9d60-3106f5b1d025 --Apple-Mail-6A28A2D7-2A22-4426-8950-8B29F558BD77 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable The links are to different files. The pdfs look identical except for color b= ackground. The diff bytes are 193..320. The rest is the same so your first 8= k byte checksum would be the same.=20 > On Feb 26, 2017, at 10:16 AM, Charles Forsyth w= rote: >=20 >=20 >> On 26 February 2017 at 17:25, Bakul Shah wrote: >> Venti is similarly corruptible, right? Since the checksum is over just th= e content. If you downloaded https://shattered.io/static/shattered-1.pdf and= https://shattered.io/static/shattered-2.pdf, venti would lose the contents o= f one. >=20 > Luckily, (a) they are both bigger than the block size usually configured, o= ver which the hash is calculated, and (b) in case someone tries it, you've a= ctually linked to the same file (-2.pdf) but under different names, so there= won't be a collision by following your links. Hurrah! >=20 > Venti detects a collision on the attempt to write the second copy if that d= iffers from the earlier one stored (error "store collision"). The earlier co= py is untouched (venti anyway is write-once per score). > Fossil doesn't handle it well, because it turns up during archiving and en= ds up marking the archive attempt as failed, but it will try again. > Meanwhile, you've got time to change fossil to check the venti error retur= n for "score collision" and announce it, loudly, discarding the second one. > Obviously if you care about something, make sure your version is in venti f= irst! Chances are that collisions arise from naughty people tricking you lat= er. Probably. --Apple-Mail-6A28A2D7-2A22-4426-8950-8B29F558BD77 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

The links are to different f= iles. The pdfs look identical except for color background. The diff bytes ar= e 193..320. The rest is the same so your first 8k byte checksum would be the= same.

On Feb 26, 2017, at 10:16 AM, Charles Forsyth <= ;charles.forsyth@gmail.com&= gt; wrote:

On 26 February 2017 at= 17:25, Bakul Shah <bakul@bitblocks.com> wrote:
Venti is similarly corruptible, right? Since the c= hecksum is over just the content. If you downloaded https://shattered.io/static/shattered-1.pdf and https://shattered.io/static= /shattered-2.pdf, venti would lose the contents of one.

Luckily, (a) they are both bigger than the block size usual= ly configured, over which the hash is calculated, and (b) in case someone tr= ies it, you've actually linked to the same file (-2.pdf) but under different= names, so there won't be a collision by following your links. Hurrah!
=

Venti detect= s a collision on the attempt to write the second copy if that differs from t= he earlier one stored (error "store collision"). The earlier copy is untouch= ed (venti anyway is write-once per score).
Fo= ssil doesn't handle it well, because it turns up during archiving and ends u= p marking the archive attempt as failed, but it will try again.
Meanwhile, you've got time to change fossil to check the= venti error return for "score collision" and announce it, loudly, discardin= g the second one.
Obviously if you care abou= t something, make sure your version is in venti first! Chances are that coll= isions arise from naughty people tricking you later. Probably.

= --Apple-Mail-6A28A2D7-2A22-4426-8950-8B29F558BD77--