On 27 February 2017 at 16:47, Charles Forsyth <charles.fors...@gmail.com> wrote:
> On 27 February 2017 at 15:46, Dave MacFarlane <driu...@gmail.com> wrote:
>
>> Why not skip sha-256 and go directly to Sha3?
>
> blake2 has also been suggested also, it's not clear it's urgent for venti. the scam is to make a new value that produces the same hash as an earlier important value where the hash plays a part in certifying the value, or where software uses the shorthand of comparing hashes to compare values and acts on that without comparing the values. with venti, the hash is produced as a side-effect of storing a value, and it also records the value itself. when the hash is presented, the stored block is returned. the hash itself is a compact address and doesn't certify the value (ie, nothing that uses venti assumes that it also certifies the value). any attempt to store a different value with the same hash will be detected. using any hash function has a chance of collision (newer, longer hashes reduce that, but it's rare as it is). because venti is write-once, no-one can change your venti contents subtly without access to the storage device, but if they've got access to the storage they don't need to be subtle. with the collision-maker and access to the storage device, they can make a previously certain vac: mean something different, but it still needs raw access to the device, it can't be done through the venti protocol.
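
The write-path collision check and the raw-device caveat described in the quoted message, as an added example that is not part of the thread and is not venti's code. `ToyStore`, `find_collision` and the score truncated to one byte (so a collision can be found instantly) are assumptions made for the illustration; the block contents are constructed.

```python
import hashlib

SCORE_BYTES = 1  # assumption: truncated SHA-1 so a collision is cheap to find

class CollisionError(Exception):
    """A different block is already stored under this score."""

def score(block: bytes) -> bytes:
    return hashlib.sha1(block).digest()[:SCORE_BYTES]

class ToyStore:
    """Hypothetical write-once, content-addressed block store."""
    def __init__(self):
        self.device = {}  # stands in for the raw storage device

    def write(self, block: bytes) -> bytes:
        s = score(block)
        old = self.device.setdefault(s, block)  # never overwrites an entry
        if old != block:  # compare the values, not only the hashes
            raise CollisionError(s.hex())
        return s

    def read(self, s: bytes) -> bytes:
        block = self.device[s]
        if score(block) != s:
            raise ValueError("stored block does not match its score")
        return block

def find_collision(target: bytes) -> bytes:
    """Brute-force a different block with the same truncated score."""
    i = 0
    while True:
        cand = b"constructed-%d" % i
        if cand != target and score(cand) == score(target):
            return cand
        i += 1

def demo():
    store = ToyStore()
    original = b"important block"  # constructed sample data
    s = store.write(original)
    forged = find_collision(original)
    try:
        store.write(forged)
        via_protocol = "accepted"
    except CollisionError:
        via_protocol = "rejected"  # the store still holds the original
    store.device[s] = forged  # raw device access bypasses write()
    return via_protocol, store.read(s) == forged
```

Through `write()` the colliding block is rejected and the original stays in place; only after the device entry is changed directly does `read()` return the other value, and its score check cannot tell the difference.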