Re: About git and the use of SHA-1

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Russ Dill

Subject: Re: About git and the use of SHA-1

Date: Tuesday, April 29, 2008 - 9:24 am

On Tue, Apr 29, 2008 at 7:37 AM, Andreas Ericsson <ae@op5.se> wrote:
quoted text>
> Paolo Bonzini wrote:
>
> >
> >
> > > I can think of one way to make git a lot more resilient to hash
> > > collisions, regardless of which hash is used, namely: Add the length
> > > of the hashed object to the hash.
> > >
> >
> > Not really, because most attacks are about collisions, not second
> preimages.  They produce two 64-byte blocks (hence, same length) with the
> same hash value.
> >
> > As such, they allow to change a blob that *the attacker* injected in the
> repository.  The way the more "spectacular" attacks are devised requires a
> "language" with conditional expressions -- for documents, for example,
> Postscript is used.  If you prepare a postscript file whose code is
> >
> >   if (AAAA == BBBB)
> >     typeset document 1
> >   else
> >     typeset document 2
> >
> > where AAAA and BBBB are collisions, and you change it to "if (BBBB ==
> BBBB) the hash will be the same, but the outcome will be document 1 instead
> of document 2.
> >
> > The fact that this requires having the two "behaviors" in the blob is not
> a big deal for source code, going in the wrong branch of an "if" can be an
> attack.  On the other hand, it makes adding the length useless for collision
> attacks.  True, it wouldn't be useless for second preimage attacks, but
> SHA-1 is still secure with respect to those.
> >
> >
>
>  So what you're saying is that if someone owns a repository and adds a
>  file to it, he can then replace his entire repository with an identical
>  one where the good file is replaced with a bad one, and this will affect
>  people who clone *after* the file gets replaced.
>

No, if someone 0wnz a repository, not owns (Or really, malicious
mirror owners could be in on it). Either that or some form of
redirection attack. When you download a tarball, you can check the
signed checksum that is downloadable along with it. When you clone a
repo, you depend on signed tags.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

About git and the use of SHA-1, Henrik Austad, (Mon Apr 28, 9:29 am)

Re: About git and the use of SHA-1, Daniel Barkalow, (Mon Apr 28, 12:34 pm)

Re: About git and the use of SHA-1, Henrik Austad, (Mon Apr 28, 2:29 pm)

Re: About git and the use of SHA-1, Daniel Barkalow, (Mon Apr 28, 3:15 pm)

Re: About git and the use of SHA-1, Andreas Ericsson, (Mon Apr 28, 11:38 pm)

Re: About git and the use of SHA-1, Russ Dill, (Tue Apr 29, 12:09 am)

Re: About git and the use of SHA-1, Andreas Ericsson, (Tue Apr 29, 12:21 am)

Re: About git and the use of SHA-1, Sverre Rabbelier, (Tue Apr 29, 4:05 am)

Re: About git and the use of SHA-1, Andreas Ericsson, (Tue Apr 29, 5:27 am)

Re: About git and the use of SHA-1, Dmitry Potapov, (Tue Apr 29, 5:41 am)

Re: About git and the use of SHA-1, Jurko Gospodnetić, (Tue Apr 29, 5:46 am)

Re: About git and the use of SHA-1, Paolo Bonzini, (Tue Apr 29, 6:05 am)

Re: About git and the use of SHA-1, Andreas Ericsson, (Tue Apr 29, 7:37 am)

Re: About git and the use of SHA-1, Andreas Ericsson, (Tue Apr 29, 7:41 am)

Re: About git and the use of SHA-1, Paolo Bonzini, (Tue Apr 29, 7:52 am)

Re: About git and the use of SHA-1, Tom Widmer, (Tue Apr 29, 8:02 am)

Re: About git and the use of SHA-1, Geoffrey Irving, (Tue Apr 29, 8:34 am)

Re: About git and the use of SHA-1, Nicolas Pitre, (Tue Apr 29, 8:42 am)

Re: About git and the use of SHA-1, Geoffrey Irving, (Tue Apr 29, 8:59 am)

Re: About git and the use of SHA-1, Russ Dill, (Tue Apr 29, 9:21 am)

Re: About git and the use of SHA-1, Russ Dill, (Tue Apr 29, 9:24 am)

Re: About git and the use of SHA-1, Daniel Barkalow, (Tue Apr 29, 9:27 am)

Re: About git and the use of SHA-1, Nicolas Pitre, (Tue Apr 29, 9:39 am)

Re: About git and the use of SHA-1, Tom Widmer, (Tue Apr 29, 10:08 am)

Re: About git and the use of SHA-1, Geoffrey Irving, (Tue Apr 29, 10:48 am)

Re: About git and the use of SHA-1, Nicolas Pitre, (Tue Apr 29, 10:55 am)

Re: About git and the use of SHA-1, Geoffrey Irving, (Tue Apr 29, 11:02 am)

Re: About git and the use of SHA-1, Matthieu Moy, (Tue Apr 29, 11:17 am)

Re: About git and the use of SHA-1, Fredrik Skolmli, (Tue Apr 29, 11:23 am)

Re: About git and the use of SHA-1, Daniel Barkalow, (Tue Apr 29, 11:41 am)

Re: About git and the use of SHA-1, Geoffrey Irving, (Tue Apr 29, 1:31 pm)

Re: About git and the use of SHA-1, Fredrik Skolmli, (Tue Apr 29, 1:50 pm)

Re: About git and the use of SHA-1, Geoffrey Irving, (Tue Apr 29, 2:39 pm)

Re: About git and the use of SHA-1, Fredrik Skolmli, (Tue Apr 29, 2:52 pm)

Re: About git and the use of SHA-1, Martin Langhoff, (Tue Apr 29, 7:58 pm)

Re: About git and the use of SHA-1, Geoffrey Irving, (Tue Apr 29, 10:18 pm)

Re: About git and the use of SHA-1, David Brown, (Tue Apr 29, 10:47 pm)

Re: About git and the use of SHA-1, Martin Langhoff, (Tue Apr 29, 10:56 pm)


linux-kernel:
Mel Gorman	Re: [PATCH 1/4] vmstat: remove zone->lock from walk_zones_in_node
Guenter Roeck	Re: [lm-sensors] Location for thermal drivers
David Woodhouse	Re: RFC: Moving firmware blobs out of the kernel.
Siddha, Suresh B	Re: [PATCH 2.6.21 review I] [11/25] x86: default to physical mode on hotplug CPU k...
Peter Zijlstra	Re: [patch 4/6] mm: merge populate and nopage into fault (fixes nonlinear)
git-commits-head:
Linux Kernel Mailing List	[MIPS] Fix potential latency problem due to non-atomic cpu_wait.
Linux Kernel Mailing List	USB: rename USB_SPEED_VARIABLE to USB_SPEED_WIRELESS
Linux Kernel Mailing List	lib/vsprintf.c: fix bug omitting minus sign of numbers (module_param)
Linux Kernel Mailing List	[Bluetooth] Initiate authentication during connection establishment
Linux Kernel Mailing List	[POWERPC] 4xx: Add ppc40x_defconfig
linux-netdev:
MERCEDES	Your mail id has won 950,000.00 in the MERCEDES Benz Online Promo.for claims send:
David Miller	Re: [PATCH] xen/netfront: do not mark packets of length < MSS as GSO
David Miller	Re: skb_segment() questions
Shan Wei	[RFC PATCH net-next 2/5]IPv6:netfilter: Send an ICMPv6 "Fragment Reassembly Timeou...
Stanislaw Gruszka	[PATCH 1/4] bnx2x: use smp_mb() to keep ordering of read write operations
git:
Nicolas Sebrecht	git-svn died of signal 11 (was "3 failures on test t9100 (svn)")
Junio C Hamano	Re: [PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
Martin Langhoff	Re: [PATCH] GIT commit statistics.
Alexandre Julliard	[PATCH] gitweb: Put back shortlog instead of graphiclog in the project list.
Josh Triplett	[PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
openbsd-misc:
Taisto Qvist XX	Re: AMD GEODE LX-800 just works with kernel from install42.iso and kernelpanics wi...
Nico Meijer	Re: gOS Develop Kit with VIA pc-1 Processor Platform VIA C7-D
Andreas Bihlmaier	Re: jetway board sensors (Fintek F71805F)
admin	Drive a 2009 car from R799p/m
Antti Harri	Re: how to create a sha256 hash