From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: "Coiner\, John" <John.Coiner@amd.com>
Cc: "git\@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: git, monorepos, and access control
Date: Wed, 05 Dec 2018 23:37:54 +0100 [thread overview]
Message-ID: <875zw7zjjx.fsf@evledraar.gmail.com> (raw)
In-Reply-To: <939efd87-b2af-29d7-efdd-9cf8f6de9d10@amd.com>
On Wed, Dec 05 2018, Coiner, John wrote:
I forgot to mention this in my initial reply in
<878t13zp8y.fsf@evledraar.gmail.com>, but on a re-reading I re-spotted
this:
> - hashes are secret. If the hashes from a protected tree leak, the
> data also leaks. No check on the server prevents it from handing out
> contents for correctly-guessed hashes.
This is a thing I know *way* less about so maybe I'm completely wrong,
but even if we have all the rest of the things outlined in your post to
support this, isn't this part going to be susceptible to timing attacks?
We'll do more work if you send a SHA-1 during negotiation that shares a
prefix with an existing SHA-1, since we need to binary search & compare
further. SHA-1 is 160 bits which gives you a huge space of potential
hashes, but not if I can try one bit at a time working from the start of
the hash to work my way to a valid existing hash stored on the server.
Of course that assumes a way to do this over the network, it'll be on
AMD's internal network so much faster than average, but maybe this is
completely implausible.
NetSpectre was different and relied on executing code on the remote
computer in a sandbox, not waiting for network roundtrips for each try,
so maybe this would be a non-issue.
prev parent reply other threads:[~2018-12-05 22:37 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-05 20:13 git, monorepos, and access control Coiner, John
2018-12-05 20:34 ` Ævar Arnfjörð Bjarmason
2018-12-05 20:43 ` Derrick Stolee
2018-12-05 20:58 ` Duy Nguyen
2018-12-05 21:12 ` Ævar Arnfjörð Bjarmason
2018-12-05 23:42 ` Coiner, John
2018-12-06 7:23 ` Jeff King
2018-12-05 21:01 ` Jeff King
2018-12-06 0:23 ` brian m. carlson
2018-12-06 1:08 ` Junio C Hamano
2018-12-06 7:20 ` Jeff King
2018-12-06 9:17 ` Ævar Arnfjörð Bjarmason
2018-12-06 9:30 ` Jeff King
2018-12-06 20:08 ` Johannes Schindelin
2018-12-06 22:15 ` Stefan Beller
2018-12-06 22:59 ` Coiner, John
2018-12-05 22:37 ` Ævar Arnfjörð Bjarmason [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875zw7zjjx.fsf@evledraar.gmail.com \
--to=avarab@gmail.com \
--cc=John.Coiner@amd.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).