On Tue, 15 Nov 2005, Tzafrir Cohen wrote:

> On Tue, Nov 15, 2005 at 06:42:23PM +0200, Oded Arbel wrote:
> > On Tuesday, 15 בNovember 2005 18:14, Baruch Even wrote:
> > > Omer Zak wrote:
> > > > THE QUESTION:
> > > > According to the above git README, objects in git are named by
> > > > their SHA1 hashes.So, what happens if two objects have the same
> > > > SHA1 hash, unlikely as it might be?
> > >
> > > The world ends.
> >
> > > I haven't checked for a long time now but I don't think there is any
> > > safeguard for such a case.
> >
> > Actually, AFAIK, there is such a safe guard - The Laws of Mathematics.
> > Which clearly describe the mind boggling improbability of such a case.
>
> But not impossibility.
>
> And if the results of something that though improbable but still
> possible is a catastrophy, then it will eventually cause unreproducable
> data corruption bugs.
>
> And even worse, if people will manage to find methods to generate
> different data blocks withtoame sha1 sum. This is not totally
> unthinkable nowadays.

actually, y'all are too much of security freaks, i'd say.

the mere mention of SHA1 does not mean it is used for a _security_
purpose.

how do you think that your beloved rsync protocol works? exactly the same
way - mere chance ;)

(it uses cryptographic signatures in order to avoid re-sending the same
data block. there's always the chance it will think two seperate blocks
have the same data, while they do not, and cause delivery of a corrupted
file. and how do you check that the file got in-tact? yet another
signature :P~~

knock it off, people - please keep your security-bogged mind off issues
that deal with compression rather then with security.

when you deal with compression - the question is not whether it is
possible to cause collisions with specialy crafted code (because this is
not very interesting). the question is only whether it is probable that
this will occur accidentally.

-- 
guy

"For world domination - press 1,
 or dial 0, and please hold, for the creator." -- nob o. dy

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Reply via email to