That depends on the threat model. If the question is, "presuming no active attack, how likely is it to break?", then the cryptanalytic results against the hash are irrelevant. If the question is "how secure is it if someone is maliciously manipulating files", then they are certainly relevant.
If you're operating between reasonably secure machines, where an attacker having write access is already more catastrophic than a failure of Unison, then the first is what matters. If someone else has control over some of the files, then you've gotta watch the second. --- On Thu, 12/4/08, Florian Hars <[EMAIL PROTECTED]> wrote: > From: Florian Hars <[EMAIL PROTECTED]> > Subject: Re: [Caml-list] Computing with big numbers? > To: "Alan Schmitt" <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Date: Thursday, December 4, 2008, 8:06 AM > Alan Schmitt schrieb: > > But I don't think this applies here, as the hashes > I'm > > looking at are the one used by Unison to identify file > contents. > > Then it is *especially* relevant, as it is quite trivial to > generate > several files with different content and the same MD5 > hash, all you > need is a Playstation 3: > http://www.win.tue.nl/hashclash/Nostradamus/ > > - Florian > -- > But our moral language is fragmented; our contemporaries > reject the Kantian > hunch that choosing those things most admirable and > plausible as ends in > themselves is the best practice; autonomous sources of the > good are everywhere > brown and broken. Thus we have PHP. > http://lambda-the-ultimate.org/node/1463 > > _______________________________________________ > Caml-list mailing list. Subscription management: > http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list > Archives: http://caml.inria.fr > Beginner's list: > http://groups.yahoo.com/group/ocaml_beginners > Bug reports: http://caml.inria.fr/bin/caml-bugs _______________________________________________ Caml-list mailing list. Subscription management: http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list Archives: http://caml.inria.fr Beginner's list: http://groups.yahoo.com/group/ocaml_beginners Bug reports: http://caml.inria.fr/bin/caml-bugs
