[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: fs-rep-sharing branch

From: Greg Stein <gstein_at_gmail.com>
Date: Wed, 22 Oct 2008 05:34:04 -0700

On Wed, Oct 22, 2008 at 4:57 AM, Alan Barrett <apb_at_cequrux.com> wrote:
> On Tue, 21 Oct 2008, Greg Stein wrote:
>> The simple fact is that we're going to be running around with md5
>> checksums in hand for a long while. OR we double-compute, and I'm not
>> willing to burn that much CPU to satisfy somebody's misguided
>> preconception about md5 collisions.
> What "misguided preconception" did you see in David Glasser's
> description of the problem? It seems like quite a real problem to me.

That unintended collisions can occur or an attacker is going to
somehow cause problems for an svn repository by using md5 collisions
against it. That's how the discussion started (somewhat on the mailing
list, and definitely on IRC).

Later, the idea of researchers surfaced, and that they'd be trying to
store file pairs with the same hash. I grant your scenario is valid.

We *still* have all the problems that md5 is fully-intertwined in our
code. I'm still not willing to do double-checksums and kill millions
of coders for a few researchers who could simply tar their candidate
pairs together, or gzip them. Yes, that's the brutal truth :-P ... the
researchers need to use workarounds, and the millions get a fast

In the future... yes, we could remove the limitation.


To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-10-22 14:34:18 CEST

This is an archived mail posted to the Subversion Dev mailing list.