couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <...@iriscouch.com>
Subject Re: Why MD5 is used for hashes, also about non-deterministic IDs.
Date Tue, 15 Nov 2011 07:57:49 GMT
On Tue, Nov 15, 2011 at 7:34 AM, Alex Besogonov
<alex.besogonov@gmail.com> wrote:
>>> Now I make a change to 'Doc' at machine A. This creates a new revid
>>> with new md5 hash.
>>> A malicious software somehow learns about this update and creates
>>> another document
>>> on machine B, contriving it so to make the resulting hash to be the
>>> same as on machine A.
>> Before going any further, you must show why we care about the contents
>> of machine B.
>> Why would I log in to machine B if I do not trust B's owner? Why would
>> I clone your Git repository if I do not know you?
> The problem is, MD5 hash depends on _untrusted_ data that external
> processes might put into the database.
>
> For example, imagine that machines A and B use CouchDB to store
> certificates.

I ask again.

-- 
Iris Couch

Mime
View raw message