Re: Cryptographic hash computations for a revision range on the repository side

From: Thorsten Schöning <tschoening_at_am-soft.de>
Date: Tue, 21 Jan 2014 09:46:20 +0100

Guten Tag Thierry Moreau,
am Dienstag, 21. Januar 2014 um 05:11 schrieben Sie:

> Digital signatures require public/private key protections, just shifting
> the problem to yet another security challenge.

And what's the difference to your proposed solution? You are simply
re-inventing signatures without any benefit, in your case the
generated hash is your "yet another security challenge" and simply
comparable to a private key. But signatures would have the benefit
that you only need to protect the one and only private key used to
create them, not an amount of hashes or use algorithms which are based
on former generated hashes and such stuff.

I don't see any benefit, just sign your revision ranges and check
them. You would even have much better tool support and wouldn't need
to reinvent the wheel.

Mit freundlichen Grüßen,

Thorsten Schöning

-- 
Thorsten Schöning       E-Mail:Thorsten.Schoening_at_AM-SoFT.de
AM-SoFT IT-Systeme      http://www.AM-SoFT.de/
Telefon...........05151-  9468- 55
Fax...............05151-  9468- 88
Mobil..............0178-8 9468- 04
AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow

Received on 2014-01-21 09:47:12 CET

This message: [ Message body ]
Next message: Thierry Moreau: "Re: Cryptographic hash computations for a revision range on the repository side"
Previous message: Austin Mico: "Re: upgrade to subversion 1.8.5 suspected bug"
In reply to: Thierry Moreau: "Cryptographic hash computations for a revision range on the repository side"
Next in thread: Thierry Moreau: "Re: Cryptographic hash computations for a revision range on the repository side"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]