- It may be possible to use timing to determine if a file already exists. So it could be possible for an attacker to determine for someone if some other mail.ru user received a file with some given contents.
- They rely on no-one being able to construct a collision of (SHA1, CRC32, size)
I believe SHA1 collisions are at least possible.
If it was possible to construct such a collision you could change someone else's files by sending an email earlier with the collision.
- It may be possible to use timing to determine if a file already exists. So it could be possible for an attacker to determine for someone if some other mail.ru user received a file with some given contents.
- They rely on no-one being able to construct a collision of (SHA1, CRC32, size) I believe SHA1 collisions are at least possible. If it was possible to construct such a collision you could change someone else's files by sending an email earlier with the collision.