Re: Starting to think about sha-256? | KernelTrap

Re: Starting to think about sha-256?

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Jeff King <peff@...>

To: Linus Torvalds <torvalds@...>

Cc: David Lang <david.lang@...>, Johannes Schindelin <Johannes.Schindelin@...>, Krzysztof Halasa <khc@...>, Jeff Garzik <jeff@...>, Git Mailing List <git@...>

Subject: Re: Starting to think about sha-256?

Date: Monday, August 28, 2006 - 2:32 pm

On Mon, Aug 28, 2006 at 10:56:01AM -0700, Linus Torvalds wrote:

quoted text> However, the "earlier will override" is very much what you want from a 
> security standpoint: remember that the git model is that you should 
> primarily trust only your _own_ repository. So if you do a "git pull", the 

This concept breaks down somewhat if you are pulling from two
repositories (one good and one evil). If I pull from the evil repo
first, that will become my "earlier" object, and I will never get the
colliding object from the good repo.

Executing such an attack might not be that hard, either (once we get
over that little hump of creating collisions at will!). The owner of
'evil' has to know a SHA1 that will be in 'good' before it makes it to
'good'. However, I imagine we frequently see SHA1s migrate from more
central repos (like .../torvalds/linux-2.6.git) to less central ones
(subsystem / port maintainers, etc).

-Peff
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Starting to think about sha-256?, Jeff Garzik, (Sun Aug 27, 1:56 pm)

Re: Starting to think about sha-256?, Florian Weimer, (Tue Aug 29, 2:17 am)

Re: Starting to think about sha-256?, Krzysztof Halasa, (Sun Aug 27, 4:30 pm)

Re: Starting to think about sha-256?, Linus Torvalds, (Sun Aug 27, 4:46 pm)

Re: Starting to think about sha-256?, Johannes Schindelin, (Sun Aug 27, 6:02 pm)

Re: Starting to think about sha-256?, Linus Torvalds, (Sun Aug 27, 6:35 pm)

Re: Starting to think about sha-256?, David Lang, (Mon Aug 28, 1:27 pm)

Re: Starting to think about sha-256?, Linus Torvalds, (Mon Aug 28, 1:56 pm)

Re: Starting to think about sha-256?, Johannes Schindelin, (Mon Aug 28, 7:09 pm)

Re: Starting to think about sha-256?, Linus Torvalds, (Mon Aug 28, 7:48 pm)

Re: Starting to think about sha-256?, Krzysztof Halasa, (Mon Aug 28, 4:12 pm)

Re: Starting to think about sha-256?, Linus Torvalds, (Mon Aug 28, 4:20 pm)

Re: Starting to think about sha-256?, Krzysztof Halasa, (Mon Aug 28, 5:12 pm)

Re: Starting to think about sha-256?, Linus Torvalds, (Mon Aug 28, 5:23 pm)

Re: Starting to think about sha-256?, Jeff King, (Mon Aug 28, 2:32 pm)

Re: Starting to think about sha-256?, Linus Torvalds, (Mon Aug 28, 2:46 pm)

Re: Starting to think about sha-256?, Jeff King, (Mon Aug 28, 3:00 pm)

Re: Starting to think about sha-256?, Linus Torvalds, (Mon Aug 28, 2:06 pm)

Re: Starting to think about sha-256?, Krzysztof Halasa, (Sun Aug 27, 5:14 pm)

Navigation

Popular discussions


linux-kernel:
Linus Torvalds	Re: LSM conversion to static interface
Ingo Molnar	[patch 03/13] syslets: generic kernel bits
Ingo Molnar	Re: [PATCH 6/6] sched: disabled rt-bandwidth by default
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
git:

linux-netdev:
David Miller	[GIT]: Networking
Gregory Haskins	[RFC PATCH 00/17] virtual-bus
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
openbsd-misc:

Colocation donated by:

Who's online

There are currently 3 users and 1055 guests online.

Online users

Syndicate