Re: more git updates..

From: Bernd Eckenfels
Date: Sat Apr 23 2005 - 23:39:01 EST


On Sat, Apr 23, 2005 at 09:13:26PM -0700, Paul Jackson wrote:
> I don't believe you. Reference?

I had MD5 in mind, sorry. I havent seen the SHA-1 colision samples, yet.
However it is likely to be available soon. (a simple pair with two files
will be enugh to cause "theoretical" problems. However I think it would be
possible to detect collisions on add and append sequence numbers... ugly.

> > Or at least go with FIPS 180-2.
>
> FIPS 180-2 specifies four secure hash algorithms - SHA-1, SHA-256,
> SHA-384, and SHA-512. We're using SHA-1.

Yes, I was referring to the longer versions (aka SHA-2), since FIPS tries to
phase out the 160bit version (till 2010).

Anyway I know we dont need to discuss this, I just wanted to point out that
in practical usage as source repository we might not see problems, but it
does not mean that there arent some already provokeable. PErsonally I see
the advantage of the "stateless" hash approach about more correct statefull
approaches like BK.

Greetings
Bernd

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/