Re: [9fans] SHA-1 collision and venti

2017-03-01 Thread David du Colombier
> i believe that rsc worked this out in some work he did based on venti. > sadly i don't remember the name of the project. I believe you're referring to Foundation. https://swtch.com/~rsc/papers/fndn-usenix2008.pdf -- David du Colombier

Re: [9fans] SHA-1 collision and venti

2017-03-01 Thread erik quanstrom
On Mon Feb 27 14:17:49 PST 2017, charles.fors...@gmail.com wrote: > I think venti could deal with it: Rwrite returns a score, Tread provides a > score, and the caller typically uses it as an opaque value. If not, whether > a different sha1 is returned or a new algorithm is used, the caller could >

Re: [9fans] SHA-1 collision and venti

2017-02-28 Thread Darren Wise
ge From: hiro <23h...@gmail.com> Date: 27/02/2017 18:14 (GMT+00:00) To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Subject: Re: [9fans] SHA-1 collision and venti Bakul: I want to store a 10 Petabyte file, can your archival system support that? I want to r

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Charles Forsyth
I think venti could deal with it: Rwrite returns a score, Tread provides a score, and the caller typically uses it as an opaque value. If not, whether a different sha1 is returned or a new algorithm is used, the caller could still not rely on sha1(block)=score. In any case, fossil needs a fix to c

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Riddler
I think much in the same vein as git, venti doesn't need to worry too much about collisions given the behavior when collisions occur is well-defined and sensible in both systems. It's second-preimage's that are more of a concern (and still not possible with SHA1). The lack of preimage attacks on SH

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Bakul Shah
On Mon, 27 Feb 2017 19:02:29 GMT Charles Forsyth wrote: > On 27 February 2017 at 18:30, Charles Forsyth > wrote: > > > that's a separate argument that venti would never work for you, regardless > > of the hash algorithm used. > since venti returns the resulting score from each write, and it kn

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread cinap_lenrek
couldnt you apply encryption before hashing? so to mount a collision attack you'd also need to know the encryption key used by the underlying storatge system (fossil, vac). so you dont just keep the the network address of your venti server but also the encryption key. just make it part of the dial

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Skip Tavakkolian
I wondered if one could make a logical argument that says, one could use a combination of hashes that have different collision resistances (e.g. SHA1⊕MD5) for each file, extending to any number of hashes to satisfy that the combination is unique for all files... So I did a little research, and the

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Charles Forsyth
On 27 February 2017 at 18:30, Charles Forsyth wrote: > that's a separate argument that venti would never work for you, regardless > of the hash algorithm used. since venti returns the resulting score from each write, and it knows whether there's been a collision, it appears it could return a mo

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Charles Forsyth
On 27 February 2017 at 17:28, Bakul Shah wrote: > My argument is that an archival system that can't store some files, no > matter how they were generated, is not good enough. A hash collision > researcher may have a legitimate reason to store such files. > that's a separate argument that venti

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Bakul Shah
The two are not comparable. > On Feb 27, 2017, at 10:14 AM, hiro <23h...@gmail.com> wrote: > > Bakul: I want to store a 10 Petabyte file, can your archival > system support that? I want to research big files. > > There's always a limit, but when does it matter? >

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread hiro
Bakul: I want to store a 10 Petabyte file, can your archival system support that? I want to research big files. There's always a limit, but when does it matter?

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Bakul Shah
My argument is that an archival system that can't store some files, no matter how they were generated, is not good enough. A hash collision researcher may have a legitimate reason to store such files. > On Feb 27, 2017, at 9:07 AM, Charles Forsyth > wrote: > > >> On 27 February 2017 at 16:4

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Charles Forsyth
On 27 February 2017 at 16:47, Charles Forsyth wrote: > On 27 February 2017 at 15:46, Dave MacFarlane wrote: > >> Why not skip sha-256 and go directly to Sha3? > > > blake2 has also been suggested also, it's not clear it's urgent for venti. the scam is to make a new value that produces the same

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Charles Forsyth
On 27 February 2017 at 15:46, Dave MacFarlane wrote: > Why not skip sha-256 and go directly to Sha3? blake2 has also been suggested

Re: [9fans] SHA-1 collision and venti

2017-02-27 Thread Dave MacFarlane
Why not skip sha-256 and go directly to Sha3? On Sun, Feb 26, 2017 at 4:02 PM, Kim Shrier wrote: > I have had a personal project on my list of "things to do > when I have time", is to redo venti using sha256. Does > any body see any problems with doing that? > > Kim > > -- - Dave

Re: [9fans] SHA-1 collision and venti

2017-02-26 Thread Kim Shrier
I have had a personal project on my list of "things to do when I have time", is to redo venti using sha256. Does any body see any problems with doing that? Kim

Re: [9fans] SHA-1 collision and venti

2017-02-26 Thread Bakul Shah
On Sun, 26 Feb 2017 19:57:53 GMT Charles Forsyth wrote: > > > The links are to different files. > > > > Not on Gmail at least look to see where each link points. Both are to -2 > in the message I see on Gmail. Unless it cleverly optimised the"identical" > content! I took at a look at the raw

Re: [9fans] SHA-1 collision and venti

2017-02-26 Thread Jadon Bennett
On Sun, Feb 26, 2017 at 07:57:53PM +, Charles Forsyth wrote: > On Sun, 26 Feb 2017, 18:49 Bakul Shah, wrote: > > > The links are to different files. > > > > Not on Gmail at least look to see where each link points. Both are to -2 > in the message I see on Gmail. Unless it cleverly optimised

Re: [9fans] SHA-1 collision and venti

2017-02-26 Thread Charles Forsyth
On Sun, 26 Feb 2017, 18:49 Bakul Shah, wrote: > The links are to different files. > Not on Gmail at least look to see where each link points. Both are to -2 in the message I see on Gmail. Unless it cleverly optimised the"identical" content!

Re: [9fans] SHA-1 collision and venti

2017-02-26 Thread Bakul Shah
On Sun, 26 Feb 2017 18:25:34 GMT Charles Forsyth wrote: > > It's curious that svn "corrupts" the repository, if that's really what they > mean, when two leaf files collide. > An index or directory colliding with a file would be more understandable. The only known collision is for files. I suspe

Re: [9fans] SHA-1 collision and venti

2017-02-26 Thread Bakul Shah
The links are to different files. The pdfs look identical except for color background. The diff bytes are 193..320. The rest is the same so your first 8k byte checksum would be the same. > On Feb 26, 2017, at 10:16 AM, Charles Forsyth > wrote: > > >> On 26 February 2017 at 17:25, Bakul Shah

Re: [9fans] SHA-1 collision and venti

2017-02-26 Thread Charles Forsyth
On 26 February 2017 at 17:30, Jules Merit wrote: > there is a backdoor when a score of 4, what data produces it i have no > idea. > where is that? I had a quick look but couldn't find it.

Re: [9fans] SHA-1 collision and venti

2017-02-26 Thread Charles Forsyth
It's curious that svn "corrupts" the repository, if that's really what they mean, when two leaf files collide. An index or directory colliding with a file would be more understandable. On 26 February 2017 at 18:16, Charles Forsyth wrote: > > On 26 February 2017 at 17:25, Bakul Shah wrote: > >>

Re: [9fans] SHA-1 collision and venti

2017-02-26 Thread Charles Forsyth
On 26 February 2017 at 17:25, Bakul Shah wrote: > Venti is similarly corruptible, right? Since the checksum is over just the > content. If you downloaded https://shattered.io/static/shattered-1.pdf > and > https://shattered.io/static/shattered-2.pdf,

Re: [9fans] SHA-1 collision and venti

2017-02-26 Thread Jules Merit
there is a backdoor when a score of 4, what data produces it i have no idea. On Sun, Feb 26, 2017 at 9:25 AM, Bakul Shah wrote: > https://arstechnica.com/security/2017/02/watershed- > sha1-collision-just-broke-the-webkit-repository-others-may-follow/ > > https://shattered.io/static/shattered.pdf

[9fans] SHA-1 collision and venti

2017-02-26 Thread Bakul Shah
https://arstechnica.com/security/2017/02/watershed-sha1-collision-just-broke-the-webkit-repository-others-may-follow/ https://shattered.io/static/shattered.pdf Venti is similarly corruptible, right? Since the checksum is over just the content. If you downloaded https://shattered.io/static/shatte