Return-Path: 
 <dev-return-19228-apmail-couchdb-dev-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-dev-archive@www.apache.org
Delivered-To: apmail-couchdb-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E7857751D
	for <apmail-couchdb-dev-archive@www.apache.org>;
 Tue, 15 Nov 2011 07:58:48 +0000 (UTC)
Received: (qmail 47006 invoked by uid 500); 15 Nov 2011 07:58:43 -0000
Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org
Received: (qmail 46836 invoked by uid 500); 15 Nov 2011 07:58:40 -0000
Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@couchdb.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@couchdb.apache.org>
List-Post: <mailto:dev@couchdb.apache.org>
List-Id: <dev.couchdb.apache.org>
Reply-To: dev@couchdb.apache.org
Delivered-To: mailing list dev@couchdb.apache.org
Received: (qmail 46821 invoked by uid 99); 15 Nov 2011 07:58:38 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Nov 2011 07:58:38 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [209.85.213.52] (HELO mail-yw0-f52.google.com) (209.85.213.52)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Nov 2011 07:58:32 +0000
Received: by ywb5 with SMTP id 5so8407830ywb.11
        for <dev@couchdb.apache.org>; Mon, 14 Nov 2011 23:58:11 -0800 (PST)
Received: by 10.68.208.225 with SMTP id mh1mr58453951pbc.17.1321343890430;
 Mon, 14 Nov 2011 23:58:10 -0800 (PST)
MIME-Version: 1.0
Received: by 10.143.91.10 with HTTP; Mon, 14 Nov 2011 23:57:49 -0800 (PST)
In-Reply-To: 
 <CA+4wGE7iYVYa6hu0=WQ6OmZ--iWBwgs-8YXF+HOThgTnJN4v9g@mail.gmail.com>
References: 
 <CA+4wGE53FS065CNJrGsYFqtVu6g0EGPYN5A8OoCKv0DFEOCPAg@mail.gmail.com>
 <CAAL6JQh05ABk6iR5PT1uCvE3FSM_eZNvxfm7g3viDG_ZrXUdXg@mail.gmail.com>
 <CA+4wGE7c4EMvnzx2GPoeDz9twccKtheB21Hq7BucY3f7egS6Ew@mail.gmail.com>
 <CAN-3CB+MZFDnqy-VTJThqu0D5bv5GvQ=OT=xPTp467gZycj2Uw@mail.gmail.com>
 <CA+4wGE7iYVYa6hu0=WQ6OmZ--iWBwgs-8YXF+HOThgTnJN4v9g@mail.gmail.com>
From: Jason Smith <jhs@iriscouch.com>
Date: Tue, 15 Nov 2011 07:57:49 +0000
Message-ID: 
 <CAN-3CBJf=ZfERLxBZoVVaX5kF9-Ro5qYO26jVhkS=CpM=yXhPg@mail.gmail.com>
Subject: Re: Why MD5 is used for hashes, also about non-deterministic IDs.
To: dev@couchdb.apache.org
Content-Type: text/plain; charset=UTF-8

On Tue, Nov 15, 2011 at 7:34 AM, Alex Besogonov
<alex.besogonov@gmail.com> wrote:
>>> Now I make a change to 'Doc' at machine A. This creates a new revid
>>> with new md5 hash.
>>> A malicious software somehow learns about this update and creates
>>> another document
>>> on machine B, contriving it so to make the resulting hash to be the
>>> same as on machine A.
>> Before going any further, you must show why we care about the contents
>> of machine B.
>> Why would I log in to machine B if I do not trust B's owner? Why would
>> I clone your Git repository if I do not know you?
> The problem is, MD5 hash depends on _untrusted_ data that external
> processes might put into the database.
>
> For example, imagine that machines A and B use CouchDB to store
> certificates.

I ask again.

-- 
Iris Couch