Re: [Monotone-devel] Re: RFC: Fake IDs
From: Nathaniel Smith
Subject: Re: [Monotone-devel] Re: RFC: Fake IDs
Date: Wed, 19 Jul 2006 00:53:09 -0700
User-agent: Mutt/1.5.11+cvs20060403

On Wed, Jul 19, 2006 at 12:27:42AM -0700, Graydon Hoare wrote:
> Ok. I've argued with myself about my knee-jerk perception of risk here
> and convinced myself that I've been irrationally mis-perceiving relative
> probabilities. You're right: a fixed plaintext collision -- even all
> zero -- is actually *less* likely than the birthday-collision of "any
> two files". It's unnerving, but I have to accept the reasoning. Score
> one for unreasonable psychology.

Ah-hah. Probability is Weird.

> I propose an Explicit and Sound Mechanism:
>
> Make a class fake_rid_source that wraps a u64 counter and sequentially
> assigns "%40.40llX" rids. Construct one and have it hand out fake rids
> within the scope that you're using them. That makes the scope
> relationships of your fakes somewhat explicit (which is half of what I
> wanted with "checking the database") and still lets you generate a few
> within a function and throw them out without dragging a db handle into it.

Hmm. I guess as compared to the single global counter of Zack's
patch (IIUC), this has an advantage:
  -- you must explicitly mark the scope of these rids in your code
and a disadvantage:
  -- there's nothing to enforce you did this right, except careful
     code auditing[1]; in particular you might accidentally let two
     fake rids from two different sources bump into each other
     accidentally

My knee-jerk reaction is that the advantage is only really an
advantage if there's enforcement, but I dunno.

[1] You know, it would be pretty awesome if you had a type system
that let you say "this dynamic value right here must not escape this
static scope", a sort of very-refined tainting scheme. I guess you
run into some problem with derived values; it's useless to have the
value in the first place if no other values that result from
computations involving it can escape either, but then code that does a
non-trivial identity function would let it escape... err, anyway. I
guess some E auditors do stuff along these lines.

-- Nathaniel
--
When the flush of a new-born sun fell first on Eden's green and gold,
Our father Adam sat under the Tree and scratched with a stick in the mould;
And the first rude sketch that the world had seen was joy to his mighty heart,
Till the Devil whispered behind the leaves, "It's pretty, but is it Art?"
-- The Conundrum of the Workshops, Rudyard Kipling