|
From: | Jon Bright |
Subject: | Re: [Monotone-devel] Query regarding internal consistency checking |
Date: | Wed, 09 Jun 2004 13:52:53 +0200 |
User-agent: | Mozilla Thunderbird 0.6 (Windows/20040502) |
Nathaniel Smith wrote:
Suppose I then connect to a netsync server and say "here's the file with version code 12345", and hand it a different file, one containing malicious code. And then Bob actually gets around to doing his commit and pushing to the server, and the server doesn't actually ask for file version 12345, because it already has it. And the server now has a manifest that Bob attests is good, containing file 12345.
If by "version code 12345", you mean the version's SHA hash, then no, none of this is possible. It all falls down because you simply can't find another file with the same SHA hash (or, if you can, you're famous).
-- Jon Bright Silicon Circus Ltd. http://www.siliconcircus.com
[Prev in Thread] | Current Thread | [Next in Thread] |