On Tue, 15 Nov 2005, Tzafrir Cohen wrote: > On Tue, Nov 15, 2005 at 06:42:23PM +0200, Oded Arbel wrote: > > On Tuesday, 15 בNovember 2005 18:14, Baruch Even wrote: > > > Omer Zak wrote: > > > > THE QUESTION: > > > > According to the above git README, objects in git are named by > > > > their SHA1 hashes.So, what happens if two objects have the same > > > > SHA1 hash, unlikely as it might be? > > > > > > The world ends. > > > > > I haven't checked for a long time now but I don't think there is any > > > safeguard for such a case. > > > > Actually, AFAIK, there is such a safe guard - The Laws of Mathematics. > > Which clearly describe the mind boggling improbability of such a case. > > But not impossibility. > > And if the results of something that though improbable but still > possible is a catastrophy, then it will eventually cause unreproducable > data corruption bugs. > > And even worse, if people will manage to find methods to generate > different data blocks withtoame sha1 sum. This is not totally > unthinkable nowadays.
actually, y'all are too much of security freaks, i'd say. the mere mention of SHA1 does not mean it is used for a _security_ purpose. how do you think that your beloved rsync protocol works? exactly the same way - mere chance ;) (it uses cryptographic signatures in order to avoid re-sending the same data block. there's always the chance it will think two seperate blocks have the same data, while they do not, and cause delivery of a corrupted file. and how do you check that the file got in-tact? yet another signature :P~~ knock it off, people - please keep your security-bogged mind off issues that deal with compression rather then with security. when you deal with compression - the question is not whether it is possible to cause collisions with specialy crafted code (because this is not very interesting). the question is only whether it is probable that this will occur accidentally. -- guy "For world domination - press 1, or dial 0, and please hold, for the creator." -- nob o. dy ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
