[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Cryptographic hash computations for a revision range on the repository side

From: Thorsten Schöning <tschoening_at_am-soft.de>
Date: Tue, 21 Jan 2014 09:46:20 +0100

Guten Tag Thierry Moreau,
am Dienstag, 21. Januar 2014 um 05:11 schrieben Sie:

> Digital signatures require public/private key protections, just shifting
> the problem to yet another security challenge.

And what's the difference to your proposed solution? You are simply
re-inventing signatures without any benefit, in your case the
generated hash is your "yet another security challenge" and simply
comparable to a private key. But signatures would have the benefit
that you only need to protect the one and only private key used to
create them, not an amount of hashes or use algorithms which are based
on former generated hashes and such stuff.

I don't see any benefit, just sign your revision ranges and check
them. You would even have much better tool support and wouldn't need
to reinvent the wheel.

Mit freundlichen Grüßen,

Thorsten Schöning

-- 
Thorsten Schöning       E-Mail:Thorsten.Schoening_at_AM-SoFT.de
AM-SoFT IT-Systeme      http://www.AM-SoFT.de/
Telefon...........05151-  9468- 55
Fax...............05151-  9468- 88
Mobil..............0178-8 9468- 04
AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow
Received on 2014-01-21 09:47:12 CET

This is an archived mail posted to the Subversion Users mailing list.