On 20 Jan 2023, Nathan Hartman wrote:
> Taking a step back, this discussion started because pristine-free WCs
> are IIUC more dependent on comparing hashes than pristineful WCs, and
> therefore a hash collision could have more impact in a pristine-free
> WC. "Guarantees" were mentioned, but I think it's important to state
> that there's only a guarantee of probability, since as mentioned above
> all hashes will have collisions.
Sure, in a literal mathematical sense, but not in a sense that
matters for our purposes here.
In the absence of an intentionally caused collision, a good hash
function has *far* less chance of accidental collision than, say,
the chance that your CPU will malfunction due to a stray cosmic
ray, or the chance of us getting hit by a planet-destroying
meteorite tomorrow.
For our purposes, "guarantee" is accurate. No guarantee we make
can be stronger than the inverse probability of a CPU/memory
malfunction anyway.
> We already can't store files with identical SHA1 hashes, but AFAIK the
> only meaningful impact we've ever heard is that security researchers
> cannot track files they generate with deliberate collisions. The same
> would be true with any hash type, for collisions within that hash
> type.
Yes. A hash is considered "broken" the moment security researchers
can generate a collision.
FWIW, in one of my previous posts, I described a real-life
scenario in which the ability to generate a chosen-plaintext
collision in an SVN working copy would have security implications.
Best regards,
-Karl