Re: [incremental] Patch: FYI: add missing bits to checksum

[Tom Tromey <tromey at redhat dot com>]

>>>>> "Paolo" == Paolo Bonzini <bonzini@gnu.org> writes:

>> +    case CPP_KEYWORD:
>> +      type = token->keyword;
>> +      md5_process_bytes (&type, sizeof (type), current_hash);
>> +      break;

Paolo> Why not change this to sha1 since you're at it?

We have MD5 in libiberty, so it was convenient.  Performance may also
be a consideration.  MD5 does show up in my profiles.

Paolo> You cannot find a
Paolo> second pre-image for MD5, but you can find collisions pretty easily,
Paolo> so it could yield security problems (no I'm not exaggerating it *too
Paolo> much*---they would be wrong-code bugs, but if somebody plays with MD5
Paolo> collisions you can assume that they are doing something malicious).

I have thought about this argument before.  I am not really convinced
by it.  After all it is also easy to write obfuscated code that
sneakily does bad things -- in fact, that is much simpler.  And, what
is anybody doing compiling sources which may be modifiable by an
attacker?

Paolo> You could have
Paolo>   if ("A1" == "A2")
Paolo>     foo ();
Paolo>   else
Paolo>     bar ();
[...]
Paolo> and (A1, A2) is a colliding pair.

I will think about this some more.

I tried to see this problem in action, but I was unable.  The only MD5
collision I could easily find yields a program that is rejected by the
lexer.  If you have a "nice" collision, I'd like to have it.

BTW there is a "perfect" solution to the problem.  We can store the
tokens making up a hunk, and directly compare token streams.  I am
reluctant to do this, because it requires more memory.  I consider it
a last resort.

Tom