From: Herczeg Zsolt <zsolt94@gmail.com>
To: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Cc: Git <git@vger.kernel.org>, "Theodore Ts'o" <tytso@mit.edu>
Subject: Re: Git and SHA-1 security (again)
Date: Mon, 18 Jul 2016 19:48:12 +0200 [thread overview]
Message-ID: <CAPp-Vra5ri7V03SSkU6=UnWrsq-jk0XcNpQuzGH8kQxE-TkPjA@mail.gmail.com> (raw)
In-Reply-To: <CACBZZX5wjhYosupW=-n7UbbXAQug+sgSNS+jm_uUn6QwC8p6Aw@mail.gmail.com>
> In particular, as far as I know and as Theodore Ts'o's post describes
> better than I could[1], you seem to be confusing preimage attacks with
> collision attacks, and then concluding that because SHA1 is vulnerable
> to collision attacks that use-cases that would need a preimage attack
> to be compromised (which as far is I can tell, includes all your
> examples) are also "broken".
I understand the differences between the collision and preimage
attacks. A collision attack is not that bad for git in a typical
use-case. But I think that it's important to note that there are many
use-cases which do need a hash safe from collision attack. Some
examples:
You maintain a repository with gittorrent with signed commits Others
can use these signatures to verify it's original. Let's say you
include some safe file (potentially binary) from a third-party
contributor. That would be fine if the hash algo is safe. Currently
there is the possibility that you received a (safe) file which was
made to collide with another malicious one. Once you committed (and
signed) that file, the attacker joins the gittorrent network and
starts to distribute the malicious file. Suddenly most of your clients
pulling are infected however your signature is correct.
Or, you would like to make a continuous delivery system, where you use
signed tags. The delivery happens only when signature is right, and
the signer is responsible for it. Your colleague makes a collision,
pushes the good-file. You make all the tests, everything is fine, sign
and push and wait for the delivery to happen. Your colleague changes
the file on the server. The delivery makes a huge mass, and you're
fired.
Or, let's say you use a service like github, which is nice enough to
make a repository for you, with .gitignore, licenses and everything.
Likely, you'll never change dose files. Let's say that service made
one of those initial files to collide something bad. That means, they
can "infect" anyone, who is pulling your repo.
Do you need more hypothetical stories? There are a lot. Of course they
need a lot of work, and they're unlikely to happen. But it's possible.
If you need trust, and gpg signatures that means you need ultimate
trust. What's the point in making GPG signatures anyway if you cannot
ultimately trust them? You could just as well say: well that's
repository is only reachable by trustworthy persons, everything here
is just fine and really made by the person named in the "author
field".
next prev parent reply other threads:[~2016-07-18 17:48 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-16 13:48 Git and SHA-1 security (again) Herczeg Zsolt
2016-07-16 20:13 ` brian m. carlson
2016-07-16 21:46 ` Herczeg Zsolt
2016-07-16 22:03 ` brian m. carlson
2016-07-17 8:01 ` Johannes Schindelin
2016-07-17 14:21 ` brian m. carlson
2016-07-17 15:19 ` Duy Nguyen
2016-07-17 15:42 ` brian m. carlson
2016-07-17 16:23 ` Theodore Ts'o
2016-07-17 22:04 ` brian m. carlson
[not found] ` <1468804249.2037.0@smtp.gmail.com>
2016-07-18 1:18 ` Fwd: " Herczeg Zsolt
2016-07-18 7:12 ` Johannes Schindelin
2016-07-18 15:09 ` Herczeg Zsolt
2016-07-18 15:57 ` Johannes Schindelin
2016-07-18 16:05 ` Duy Nguyen
2016-07-19 7:18 ` Johannes Schindelin
2016-07-19 15:31 ` Duy Nguyen
2016-07-19 17:34 ` David Lang
2016-07-19 17:43 ` Duy Nguyen
2016-07-19 17:59 ` David Lang
2016-07-19 18:04 ` Duy Nguyen
2016-07-19 18:58 ` Herczeg Zsolt
2016-07-20 14:48 ` Duy Nguyen
2016-07-20 12:28 ` Johannes Schindelin
2016-07-20 14:44 ` Duy Nguyen
2016-07-20 17:10 ` Stefan Beller
2016-07-20 19:26 ` Junio C Hamano
2016-08-22 22:01 ` Philip Oakley
2016-07-18 16:12 ` Herczeg Zsolt
2016-07-19 7:21 ` Johannes Schindelin
2016-07-18 18:00 ` Junio C Hamano
2016-07-18 21:26 ` Jonathan Nieder
2016-07-18 23:03 ` brian m. carlson
2016-07-21 13:19 ` Johannes Schindelin
2016-07-21 12:53 ` Johannes Schindelin
2016-07-22 15:59 ` Junio C Hamano
2016-07-18 7:00 ` Johannes Schindelin
2016-07-18 22:44 ` brian m. carlson
2016-07-21 14:13 ` Johannes Schindelin
2016-07-18 16:51 ` Duy Nguyen
2016-07-19 7:31 ` Johannes Schindelin
2016-07-19 7:46 ` David Lang
2016-07-19 16:07 ` Duy Nguyen
2016-07-19 17:06 ` Junio C Hamano
2016-07-19 17:27 ` Duy Nguyen
2016-07-19 18:46 ` Junio C Hamano
2016-07-18 16:51 ` Ævar Arnfjörð Bjarmason
2016-07-18 17:48 ` Herczeg Zsolt [this message]
2016-07-18 20:01 ` David Lang
2016-07-18 20:02 ` Ævar Arnfjörð Bjarmason
2016-07-18 20:55 ` Junio C Hamano
2016-07-18 21:28 ` Herczeg Zsolt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPp-Vra5ri7V03SSkU6=UnWrsq-jk0XcNpQuzGH8kQxE-TkPjA@mail.gmail.com' \
--to=zsolt94@gmail.com \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).