From: Fred Van Andel <fava@gentoo.org>
To: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] (crazy?) proposal to reduce load and disk on mirrors
Date: Tue, 22 Jul 2003 23:42:26 -0700
Message-ID: <200307222342.26941.fava@gentoo.org>
In-Reply-To: <20030724015453.5079e993.rbilbao@inzignia.cl>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On July 23, 2003 10:54 pm, Raimundo Bilbao wrote:
> Sounds great, a P2P Gentoo (?), but how do you protect against
> trojans, malware and stuff like that? Is MD5 (AFAIK, currently the
> only checksum used) good enough?

There are a couple of features to protect against that kind of thing.

Only files that exist on the official distfiles mirrors will be eligible
for sharing. In other words, users cannot submit new files into the
system.

MD5s will be used to protect each chunk of data as well as the entire
file. All hashes will originate from a central server so there is no
opportunity for a malicious user to create a compromised chunk of data
and have it accepted by the system.

As for the security of MD5, there is no published instance of anyone
finding 2 different datasets that produce an identical hash value. MD5
is a 128-bit hash algorithm so in theory it would be required to
calculate approximately 1.2 * sqrt(2^128) different hashes in order to
have a 50% chance of a single collision. That would require > 350
billion gigabytes just to store the hashes. I believe MD5 to be secure
enough for this application.

- --
Fred Van Andel
fava@gentoo.org
GPG KeyID: 76526AD599455482
GPG fingerprint: 64E4 4BAB 9C99 D565 3E3C F5D0 7652 6AD5 9945 5482
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/Hi5SdlJq1ZlFVIIRAn+rAKCTzLilqNQjFCfNt9hXkhlZUK/JWwCg8w+a
R6YWR9iUF6R0VBU2e18pQ5w=
=8wC3
-----END PGP SIGNATURE-----
--
gentoo-dev@gentoo.org mailing list
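
The chunk check described in the message above, sketched as an added example (not code from the original post or from Gentoo): a client accepts peer-supplied chunks only if they match per-chunk and whole-file hashes from a trusted manifest. The manifest layout, function names and chunk size are assumptions; MD5 is used because the message names it, and the algorithm is a manifest field.

```python
import hashlib
import hmac

def build_manifest(data, chunk_size=8, algo="md5"):
    """Hypothetical manifest the central server would publish for one distfile."""
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    return {
        "algo": algo,
        "size": len(data),
        "chunk_size": chunk_size,
        "chunks": [hashlib.new(algo, c).hexdigest() for c in chunks],
        "file": hashlib.new(algo, data).hexdigest(),
    }

def accept_chunk(manifest, index, chunk):
    """True only if an untrusted chunk matches the trusted hash for its slot."""
    if not 0 <= index < len(manifest["chunks"]):
        return False
    # Every chunk has a fixed length; only the final one may be shorter.
    offset = index * manifest["chunk_size"]
    if len(chunk) != min(manifest["chunk_size"], manifest["size"] - offset):
        return False
    digest = hashlib.new(manifest["algo"], chunk).hexdigest()
    return hmac.compare_digest(digest, manifest["chunks"][index])

def assemble(manifest, offers):
    """Build the file from (index, chunk) offers made by untrusted peers.

    Returns (file_bytes, rejected_indexes); raises ValueError if chunks are
    missing or the reassembled file fails the whole-file hash.
    """
    good, rejected = {}, []
    for index, chunk in offers:
        if index in good:
            continue  # already have a verified copy of this chunk
        if accept_chunk(manifest, index, chunk):
            good[index] = chunk
        else:
            rejected.append(index)
    missing = [i for i in range(len(manifest["chunks"])) if i not in good]
    if missing:
        raise ValueError(f"missing chunks: {missing}")
    data = b"".join(good[i] for i in range(len(manifest["chunks"])))
    if hashlib.new(manifest["algo"], data).hexdigest() != manifest["file"]:
        raise ValueError("whole-file hash mismatch")
    return data, rejected
```
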