Re: [Monotone-devel] Re: Policy branches

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Re: Policy branches - first steps

From:	Justin Patrin
Subject:	Re: [Monotone-devel] Re: Policy branches - first steps
Date:	Mon, 26 Feb 2007 13:17:24 -0800

On 2/26/07, Steven E. Harris <address@hidden> wrote:

Paul Crowley <address@hidden> writes:

> Monotone has a flag day coming up in any case, because of the move
> away from SHA-1.

To what are you/we moving?


I'll summarize what I remember from the summit about our security/encryption.

1) We should be moving to SHA-256 to make people feel better if nothing else.
2) We should be moving to DSA keys instead of RSA.
3) DSA can only sign less than 256 bits (140?) so moving to SHA-256
and DSA will be problematic.
4) There is a possible attack on netsync (Dan knows more).
5) Our signatures are directly reproducable through 2 subsequent runs.
 (I noticed this while doing nvm.ssh-agent. monotone and ssh-agent
signatures match exactly. Paul caught this and mentioned that we
shouldn't be doing this.)

--
Justin Patrin

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] Policy branches - first steps, Paul Crowley, 2007/02/16
- Re: [Monotone-devel] Policy branches - first steps, Paul Crowley, 2007/02/20
  - Re: [Monotone-devel] Policy branches - first steps, Timothy Brownawell, 2007/02/25
    - Re: [Monotone-devel] Policy branches - first steps, Paul Crowley, 2007/02/26
    - [Monotone-devel] Re: Policy branches - first steps, Steven E. Harris, 2007/02/26
    - [Monotone-devel] Crypto and SHA-1, was Policy branches - first steps, Paul Crowley, 2007/02/26
    - [Monotone-devel] Re: Crypto and SHA-1, was Policy branches - first steps, Lapo Luchini, 2007/02/27
    - Re: [Monotone-devel] Re: Crypto and SHA-1, was Policy branches - first steps, Paul Crowley, 2007/02/27
    - Re: [Monotone-devel] Re: Policy branches - first steps, Justin Patrin <=
    - Re: [Monotone-devel] Re: Policy branches - first steps, Jack Lloyd, 2007/02/26
    - Re: [Monotone-devel] Re: Policy branches - first steps, Justin Patrin, 2007/02/26
    - Re: [Monotone-devel] Re: Policy branches - first steps, Paul Crowley, 2007/02/26
    - Re: [Monotone-devel] Re: Policy branches - first steps, Brian May, 2007/02/26
    - Re: [Monotone-devel] Re: Policy branches - first steps, Paul Crowley, 2007/02/27
    - [Monotone-devel] Re: Policy branches - first steps, Lapo Luchini, 2007/02/27
    - Re: [Monotone-devel] Re: Policy branches - first steps, Jack Lloyd, 2007/02/27
    - [Monotone-devel] Re: Flag day, William Uther, 2007/02/26
    - [Monotone-devel] Re: Flag day, Paul Crowley, 2007/02/26
    - [Monotone-devel] Re: Flag day, Timothy Brownawell, 2007/02/26

Prev by Date: [Monotone-devel] Crypto and SHA-1, was Policy branches - first steps
Next by Date: Re: [Monotone-devel] Re: Policy branches - first steps
Previous by thread: Re: [Monotone-devel] Re: Crypto and SHA-1, was Policy branches - first steps
Next by thread: Re: [Monotone-devel] Re: Policy branches - first steps
Index(es):
- Date
- Thread