[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Antwort: Re: ... Re: dangerous implementation of rep-sharing cache for fsfs

From: <michael.felke_at_evonik.com>
Date: Thu, 1 Jul 2010 14:00:41 +0200

Hello Mark,

Thanks for your wishes,
but it seems that I will never be famous:

?Hash Function Update Due to Potential Weakness Found in SHA-1?


Michael Felke
Telefon +49 2151 38-1453
Telefax +49 2151 38-1094
Evonik Stockhausen GmbH
Bäkerpfad 25
47805 Krefeld

Geschäftsführung: Gunther Wittmer (Sprecher), Willibrord Lampen

Sitz der Gesellschaft: Krefeld
Registergericht: Amtsgericht Krefeld; Handelsregister HRB 5791

This e-mail transmission, and any documents, files or previous e-mail
messages attached to it may contain information that is confidential or
legally privileged. If you are not the intended recipient, or a person
responsible for delivering it to the intended recipient, you are hereby
notified that you must not read this transmission and that any disclosure,
copying, printing, distribution or use of any of the information contained
in or attached to this transmission is STRICTLY PROHIBITED. If you have
received this transmission in error, please immediately notify the sender
by telephone or return e-mail and delete the original transmission and its
attachments without reading or saving in any manner. Thank you.

Mark Mielke <mark_at_mark.mielke.cc>
30.06.2010 20:37
        An: michael.felke_at_evonik.com
        Kopie: "dev_at_subversion.apache.org" <dev_at_subversion.apache.org>,
Daniel Shahaf <d.s_at_daniel.shahaf.name>, ghudson_at_mit.edu, Mark Phippard
<markphip_at_gmail.com>, mf_at_rola.ch
        Thema: Re: Antwort: Re: ... Re: dangerous implementation of
rep-sharing cache for fsfs

I think if you could find a real life collision - you might be able to
get some sort of award. Good luck. :-)


On 06/30/2010 05:57 AM, michael.felke_at_evonik.com wrote:
> Hello,
> O.K., it seems there is really a need to discuss the problem of
> SHA-1 collisions more deeply.
> ...
> But one is missing!
> 4. The set of one kind of data and that of another kind are overlapping
> very infrequent, if at all. They could be seen as highly
> and separated parts of the sample set of all possible data.
> So SHA-1 hashes will wildly spread on the first set, doing the best
> of its job, and also, but independently, spread on the other set as
> wide as it?s expected to do.
> What is the result, when two or more sets of hash values, each widely
> spread of the same value range, are used together in one fetch index?
> Perhaps, some can see a danger now, too.
> I? am working on a practical demonstration, which everybody could
> reproduce with his or her spreadsheet program.
> But please be patient, I have other things to do, as well.
> Greetings,
> P.S. Thanks for the warning; we are not going to use 1.7.
> At the Moment we are not using 1.6 either,
> because of the SHA-1 rep-share cache.

Mark Mielke<mark_at_mielke.cc>
Received on 2010-07-01 14:02:30 CEST

This is an archived mail posted to the Subversion Dev mailing list.