From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on yquem.inria.fr X-Spam-Level: * X-Spam-Status: No, score=1.9 required=5.0 tests=AWL,DNS_FROM_RFC_ABUSE, DNS_FROM_RFC_POST,DNS_FROM_RFC_WHOIS autolearn=disabled version=3.1.3 X-Original-To: caml-list@yquem.inria.fr Delivered-To: caml-list@yquem.inria.fr Received: from mail1-relais-roc.national.inria.fr (mail1-relais-roc.national.inria.fr [192.134.164.82]) by yquem.inria.fr (Postfix) with ESMTP id 0F2C0BBAF for ; Thu, 4 Dec 2008 17:40:38 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.33,715,1220220000"; d="scan'208";a="20784296" Received: from concorde.inria.fr ([192.93.2.39]) by mail1-smtp-roc.national.inria.fr with ESMTP; 04 Dec 2008 17:40:37 +0100 Received: from mail4-relais-sop.national.inria.fr (mail4-relais-sop.national.inria.fr [192.134.164.105]) by concorde.inria.fr (8.13.6/8.13.6) with ESMTP id mB4GebnH014877 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=OK) for ; Thu, 4 Dec 2008 17:40:37 +0100 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ArYAAHWWN0lEjsh1mWdsb2JhbACTUAEBAQEBCAsKBxGvPAiNDwUCAYMCgV4 X-IronPort-AV: E=Sophos;i="4.33,715,1220220000"; d="scan'208";a="32191155" Received: from web30504.mail.mud.yahoo.com ([68.142.200.117]) by mail4-smtp-sop.national.inria.fr with SMTP; 04 Dec 2008 17:40:36 +0100 Received: (qmail 74006 invoked by uid 60001); 4 Dec 2008 16:40:22 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Message-ID; b=HD/AM+WD0pVW0uB7DhsEeK8R8HoL2PQrGPyq2gM4Z2D80zDWHsh5efnVGMYs2158Zrcp2TEK59iBOfrk0lMRqxFdp38TnF0n1FLFW/QraIIV7xCwTbhb1FSVUDOWkGRVJKmrN9YlG87OYmLqdiLhRdSrgzAvBbGL3XmiDdNvjQ8=; X-YMail-OSG: zw1jdkwVM1lRTk0tj2BHZ5U20YnL4_NX2P9Ls9yO_G0mmZcccVVhzcVnln.lnTv8DncVtCiejLLtmT_r_ManqsCfUAMkju8JgQt5PEmgS1x6fKw6d0FTLA2wyzEY87fGCEh0UFQ5CIw.QPOUaPC_qEywocXlBCxbXyzc.yOEuVXzx12wcMNMjpZY45c- Received: from [141.212.108.138] by web30504.mail.mud.yahoo.com via HTTP; Thu, 04 Dec 2008 08:40:22 PST X-Mailer: YahooMailWebService/0.7.260.1 Date: Thu, 4 Dec 2008 08:40:22 -0800 (PST) From: David Thomas Reply-To: david_hd@yahoo.com Subject: Re: [Caml-list] Computing with big numbers? To: caml-list@inria.fr In-Reply-To: <4937FFEE.9060709@bik-gmbh.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Message-ID: <363228.47712.qm@web30504.mail.mud.yahoo.com> X-Miltered: at concorde with ID 49380805.000 by Joe's j-chkmail (http://j-chkmail . ensmp . fr)! X-Spam: no; 0.00; model:01 hash:01 maliciously:01 hars:01 hars:01 bik-gmbh:01 bik-gmbh:01 schmitt:01 schmitt:01 hashes:01 trivial:01 hash:01 admirable:01 node:01 beginner's:01 That depends on the threat model. If the question is, "presuming no active attack, how likely is it to break?", then the cryptanalytic results against the hash are irrelevant. If the question is "how secure is it if someone is maliciously manipulating files", then they are certainly relevant. If you're operating between reasonably secure machines, where an attacker having write access is already more catastrophic than a failure of Unison, then the first is what matters. If someone else has control over some of the files, then you've gotta watch the second. --- On Thu, 12/4/08, Florian Hars wrote: > From: Florian Hars > Subject: Re: [Caml-list] Computing with big numbers? > To: "Alan Schmitt" > Cc: caml-list@inria.fr > Date: Thursday, December 4, 2008, 8:06 AM > Alan Schmitt schrieb: > > But I don't think this applies here, as the hashes > I'm > > looking at are the one used by Unison to identify file > contents. > > Then it is *especially* relevant, as it is quite trivial to > generate > several files with different content and the same MD5 > hash, all you > need is a Playstation 3: > http://www.win.tue.nl/hashclash/Nostradamus/ > > - Florian > -- > But our moral language is fragmented; our contemporaries > reject the Kantian > hunch that choosing those things most admirable and > plausible as ends in > themselves is the best practice; autonomous sources of the > good are everywhere > brown and broken. Thus we have PHP. > http://lambda-the-ultimate.org/node/1463 > > _______________________________________________ > Caml-list mailing list. Subscription management: > http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list > Archives: http://caml.inria.fr > Beginner's list: > http://groups.yahoo.com/group/ocaml_beginners > Bug reports: http://caml.inria.fr/bin/caml-bugs