On Sun, 10 Apr 2005, Junio C Hamano wrote: > >>>>> "DL" == David Lang <[EMAIL PROTECTED]> writes: > > DL> just wanted to point out that recent news shows that sha1 isn't as > DL> good as it was thought to be (far easier to deliberatly create > DL> collisions then it should be) > > I suspect there is no need to do so...
It's possible to generate another object with the same hash, but: - you can't just take your desired object and do magic to make it hash right - it may not have the same length (almost certainly) - it's still non-trivial in terms of computation needed > > Message-ID: <[EMAIL PROTECTED]> > From: Linus Torvalds <[EMAIL PROTECTED]> > Subject: Re: Kernel SCM saga.. > Date: Sat, 9 Apr 2005 09:16:22 -0700 (PDT) > > ... > > Linus > > (*) yeah, yeah, I know about the current theoretical case, and I don't > care. Not only is it theoretical, the way my objects are packed you'd have > to not just generate the same SHA1 for it, it would have to _also_ still > be a valid zlib object _and_ get the header to match the "type + length" > of object part. IOW, the object validity checks are actually even stricter > than just "sha1 matches". > > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > -- bill davidsen <[EMAIL PROTECTED]> CTO, TMR Associates, Inc Doing interesting things with little computers since 1979. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
