
Re: fs-rep-sharing branch

From: Alan Barrett <apb_at_cequrux.com>
Date: Wed, 22 Oct 2008 13:57:12 +0200

On Tue, 21 Oct 2008, Greg Stein wrote:
> The simple fact is that we're going to be running around with md5
> checksums in hand for a long while. OR we double-compute, and I'm not
> willing to burn that much CPU to satisfy somebody's misguided
> preconception about md5 collisions.

What "misguided preconception" did you see in David Glasser's
description of the problem? It seems like quite a real problem to me.

The problematic use case in more detail:

   Security researcher Sally uses subversion to keep track of her
   working files.

   Sally deliberately constructs two files, A and B, with different
   content but identical MD5. She is able to do this following
   techniques that are currently known.

   Sally wants to commit the files to svn, so she does

        svn add A B
        svn commit -m "Files A and B have identical MD5 hashes"

   If subversion somehow smashes the two files together because it
   assumes that MD5 collisions will never happen, then Sally is unhappy.

--apb (Alan Barrett)

Received on 2008-10-22 13:59:53 CEST

This is an archived mail posted to the Subversion Dev mailing list.
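
An added illustration of the failure mode described in the message above (not code from Subversion or from anyone in the thread): a toy store that shares stored content by digest, once trusting the digest alone and once treating a digest match as a hint and comparing bytes before sharing. `RepStore`, `weak_digest`, `find_collision` and `demo` are hypothetical names, and MD5 truncated to 8 bits is an assumption standing in for a colliding hash so that two constructed inputs with the same digest can be found by brute force.

```python
import hashlib

def weak_digest(data: bytes) -> str:
    """Assumption for the demo: MD5 cut to 8 bits, so collisions are easy to find."""
    return hashlib.md5(data).hexdigest()[:2]

def find_collision():
    """Brute-force two different constructed inputs with the same weak digest."""
    seen = {}
    for n in range(1000):
        data = b"constructed sample %d\n" % n
        key = weak_digest(data)
        if key in seen:
            return seen[key], data
        seen[key] = data
    raise RuntimeError("no collision found")

class RepStore:
    """Toy store that shares one stored representation between equal files."""
    def __init__(self, verify_bytes: bool):
        self.verify_bytes = verify_bytes
        self.reps = {}    # digest -> list of distinct contents with that digest
        self.files = {}   # path -> (digest, index into the list)

    def commit(self, path: str, data: bytes) -> None:
        key = weak_digest(data)
        bucket = self.reps.setdefault(key, [])
        if not self.verify_bytes:
            # Digest match is treated as proof of identical content.
            if not bucket:
                bucket.append(data)
            self.files[path] = (key, 0)
            return
        # Digest match is only a hint: share only when the bytes are equal.
        if data not in bucket:
            bucket.append(data)
        self.files[path] = (key, bucket.index(data))

    def cat(self, path: str) -> bytes:
        key, index = self.files[path]
        return self.reps[key][index]

def demo(verify_bytes: bool):
    """Commit two colliding files A and B, then read both back."""
    a, b = find_collision()
    store = RepStore(verify_bytes)
    store.commit("A", a)
    store.commit("B", b)
    return a, b, store.cat("A"), store.cat("B")
```

With `verify_bytes=False`, reading back B returns A's content; with `verify_bytes=True`, both files come back intact and genuine duplicates are still stored once.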
