[Scons-dev] Hashes

Daniel Holth dholth at gmail.com
Thu Oct 26 11:07:59 EDT 2017 

blake2 is supposed to be very fast, faster than md5. It would probably
break the 'scons uses stdlib only' rule though. https://blake2.net/

I assume to break scons you would have to update the same filename with its
md5 collision [while keeping the timestamps the same]?

People have tried to put sha1 collisions in their git repositories as test
input only to find that git breaks. They can cause mischief.

On Thu, Oct 26, 2017 at 10:00 AM Jonathon Reinhart <
jonathon.reinhart at gmail.com> wrote:

> I believe you will never encounter an accidental MD5 collision in the way
> that SCons uses it. [1] All of the MD5 collisions being publicized are
> intentional; leveraging a chosen-prefix attack. Does SCons really care to
> address the case where someone is intentionally generating collisions? I
> imagine not.
>
> MD5 is still the fastest general-purpose hashing algorithm [2]. So I so
> reason for SCons to worry about changing hash algorithms.
>
> Jonathon Reinhart
>
> [1]: https://stackoverflow.com/a/937798/119527
> [2]: https://stackoverflow.com/a/2723941/119527
>
>
> On Thu, Oct 26, 2017 at 7:58 AM, Russel Winder <russel at winder.org.uk>
> wrote:
>
>> I may just be out of date: is SCons using MD5 for hashing?
>>
>> Clearly SCons is not that interested in security or true persistence
>> level hashing, but given the issue of clashing might MD5 now not be
>> useful?
>>
>> --
>> Russel.
>>
>> =============================================================================
>> Dr Russel Winder      t: +44 20 7585 2200   voip:
>> sip:russel.winder at ekiga.net
>> 41 Buckmaster Road    m: +44 7770 465 077   xmpp: russel at winder.org.uk
>> London SW11 1EN, UK   w: www.russel.org.uk  skype: russel_winder
>> _______________________________________________
>> Scons-dev mailing list
>> Scons-dev at scons.org
>> https://pairlist2.pair.net/mailman/listinfo/scons-dev
>>
>>
> _______________________________________________
> Scons-dev mailing list
> Scons-dev at scons.org
> https://pairlist2.pair.net/mailman/listinfo/scons-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist2.pair.net/pipermail/scons-dev/attachments/20171026/b4c5084d/attachment.html>

More information about the Scons-dev mailing list