From: Theodore Ts'o <tytso@mit.edu>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: David Turner <dturner@twopensource.com>,
Stefan Beller <sbeller@google.com>,
"git@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: Migrating away from SHA-1?
Date: Thu, 14 Apr 2016 18:40:51 -0400 [thread overview]
Message-ID: <20160414224051.GD16656@thunk.org> (raw)
In-Reply-To: <71A5D062-FCCD-42E5-80A8-AA9D8DE20604@zytor.com>
On Thu, Apr 14, 2016 at 10:28:50AM -0700, H. Peter Anvin wrote:
>
> Either way, I agree with Ted, that we have enough time to do it
> right, but that is a good reason to do it sooner rather than later
> (see also my note about freezing the cryptographic properties.)
Sure, I think we should do it as well. But the fact that the attacker
will likely need to get a commit into the tree in order to be able to
carry out a collision attack means that it's easier (and probably less
detectable) to get some underhanded C code into the tree. For one
thing, you just need to introduce it via a patch ("Hi, I'm super eager
newbie Nick, here's a cleanup patch!"), as opposed to getting a
sublieutenant to accept a git pull request.
Also, remember that while we can write programs that look for
suspicious git objects that have stuff hidden after the null
terminator (in fact, maybe that would be a good thing to add to git,
hmmm?), the state of the art in detecting underhanded C code which is
deliberately designed to not be noticed by static code checkers (or
humans doing a superficial code review, for that matter) is not
particularly encouraging to me.
- Ted
next prev parent reply other threads:[~2016-04-14 22:41 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-12 22:38 Migrating away from SHA-1? H. Peter Anvin
2016-04-12 23:00 ` Stefan Beller
2016-04-12 23:06 ` H. Peter Anvin
2016-04-12 23:15 ` Jeff King
2016-04-12 23:15 ` David Turner
2016-04-12 23:44 ` Jeff King
2016-04-14 1:53 ` Theodore Ts'o
2016-04-14 16:47 ` Joey Hess
2016-04-14 17:23 ` David Turner
2016-04-14 17:28 ` H. Peter Anvin
2016-04-14 22:40 ` Theodore Ts'o [this message]
2016-04-15 2:13 ` Jeff King
2016-04-15 2:18 ` Junio C Hamano
2016-04-15 2:22 ` Jeff King
2016-04-12 23:42 ` Jeff King
2016-04-13 1:03 ` Junio C Hamano
2016-04-13 1:36 ` Jeff King
2016-04-13 1:38 ` H. Peter Anvin
2016-04-13 1:51 ` Duy Nguyen
2016-04-13 1:58 ` H. Peter Anvin
2016-04-15 1:50 ` brian m. carlson
-- strict thread matches above, loose matches on Subject: below --
2016-06-18 2:10 Leo Gaspard
2016-06-18 3:30 ` Eric Wong
2016-06-24 18:17 ` brian m. carlson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160414224051.GD16656@thunk.org \
--to=tytso@mit.edu \
--cc=dturner@twopensource.com \
--cc=git@vger.kernel.org \
--cc=hpa@zytor.com \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).