[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Query regarding internal consistency checking
|
From: |
Nathaniel Smith |
|
Subject: |
Re: [Monotone-devel] Query regarding internal consistency checking |
|
Date: |
Wed, 9 Jun 2004 04:50:36 -0700 |
|
User-agent: |
Mutt/1.5.6i |
On Wed, Jun 09, 2004 at 01:52:53PM +0200, Jon Bright wrote:
> Nathaniel Smith wrote:
>
> >Suppose I then connect to a netsync server and say "here's the file
> >with version code 12345", and hand it a different file, one containing
> >malicious code. And then Bob actually gets around to doing his commit
> >and pushing to the server, and the server doesn't actually ask for
> >file version 12345, because it already has it. And the server now has
> >a manifest that Bob attests is good, containing file 12345.
>
> If by "version code 12345", you mean the version's SHA hash, then no,
> none of this is possible. It all falls down because you simply can't
> find another file with the same SHA hash (or, if you can, you're famous).
Sure, my file doesn't actually have that hash; but will the server
notice? Or will it just stick an entry in its table "12345 -> my
data"?
-- Nathaniel
--
Eternity is very long, especially towards the end.
-- Woody Allen