[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: fs-rep-sharing branch

From: Alan Barrett <apb_at_cequrux.com>
Date: Wed, 22 Oct 2008 13:57:12 +0200

On Tue, 21 Oct 2008, Greg Stein wrote:
> The simple fact is that we're going to be running around with md5
> checksums in hand for a long while. OR we double-compute, and I'm not
> willing to burn that much CPU to satisfy somebody's misguided
> preconception about md5 collisions.

What "misguided preconception" did you see in David Glasser's
description of the problem? It seems like quite a real problem to me.

The problematic use case in more detail:

   Security researcher Sally uses subversion to keep track of her
   working files.

   Sally deliberately constructs two files, A and B, with different
   content but identical MD5. She is able to do this following
   techniques that are currently known.

   Sally wants to commit the files to svn, so she does

        svn add A B
        svn commit -m "Files A and B have identical MD5 hashes"

   If subversion somehow smashes the two files together because it
   assumes that MD5 collisions will never happen, then Sally is unhappy.

--apb (Alan Barrett)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-10-22 13:59:53 CEST

This is an archived mail posted to the Subversion Dev mailing list.