From: David Thomas <david_hd@yahoo.com>
To: caml-list@inria.fr
Subject: Re: [Caml-list] Computing with big numbers?
Date: Thu, 4 Dec 2008 08:40:22 -0800 (PST) [thread overview]
Message-ID: <363228.47712.qm@web30504.mail.mud.yahoo.com> (raw)
In-Reply-To: <4937FFEE.9060709@bik-gmbh.de>
That depends on the threat model. If the question is, "presuming no active attack, how likely is it to break?", then the cryptanalytic results against the hash are irrelevant. If the question is "how secure is it if someone is maliciously manipulating files", then they are certainly relevant.
If you're operating between reasonably secure machines, where an attacker having write access is already more catastrophic than a failure of Unison, then the first is what matters. If someone else has control over some of the files, then you've gotta watch the second.
--- On Thu, 12/4/08, Florian Hars <hars@bik-gmbh.de> wrote:
> From: Florian Hars <hars@bik-gmbh.de>
> Subject: Re: [Caml-list] Computing with big numbers?
> To: "Alan Schmitt" <alan.schmitt@polytechnique.org>
> Cc: caml-list@inria.fr
> Date: Thursday, December 4, 2008, 8:06 AM
> Alan Schmitt schrieb:
> > But I don't think this applies here, as the hashes
> I'm
> > looking at are the one used by Unison to identify file
> contents.
>
> Then it is *especially* relevant, as it is quite trivial to
> generate
> several files with different content and the same MD5
> hash, all you
> need is a Playstation 3:
> http://www.win.tue.nl/hashclash/Nostradamus/
>
> - Florian
> --
> But our moral language is fragmented; our contemporaries
> reject the Kantian
> hunch that choosing those things most admirable and
> plausible as ends in
> themselves is the best practice; autonomous sources of the
> good are everywhere
> brown and broken. Thus we have PHP.
> http://lambda-the-ultimate.org/node/1463
>
> _______________________________________________
> Caml-list mailing list. Subscription management:
> http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list
> Archives: http://caml.inria.fr
> Beginner's list:
> http://groups.yahoo.com/group/ocaml_beginners
> Bug reports: http://caml.inria.fr/bin/caml-bugs
next prev parent reply other threads:[~2008-12-04 16:40 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-01 12:36 Alan Schmitt
2008-12-01 12:52 ` [Caml-list] " Martin Jambon
2008-12-01 14:29 ` Alan Schmitt
2008-12-01 13:47 ` Dario Teixeira
2008-12-01 14:37 ` Alan Schmitt
2008-12-04 16:06 ` Florian Hars
2008-12-04 16:40 ` David Thomas [this message]
2008-12-04 21:51 ` Martin Jambon
2008-12-05 7:07 ` Alan Schmitt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=363228.47712.qm@web30504.mail.mud.yahoo.com \
--to=david_hd@yahoo.com \
--cc=caml-list@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).