Steffen Nurpmeso wrote this message on Wed, Dec 23, 2020 at 17:24 +0100: > |Then there's also the point that the repo is (looks like it) using > |SHA-1 hashes, which are effectively broken, so depending upon them > |to validate the tree is questionable anyways. > > git uses the hardened SHA-1 for sure, which is, as far as i know, > at least safe against the known attack. > I .. have not tracked this, but i think upgrading to SHA-256 is > possible, once this will become standard. Just even more > metadata, then. I have not looked into this, still in progress. A new attack came out earlier this year: https://eprint.iacr.org/2020/014.pdf >From the paper: > In particular, chosen-prefix collisions can break signature schemes and > handshake security in secure channel protocols (TLS, SSH), if generated > extremely quickly. The previous attack in 2017 did not break SHA-1 enough to render it's use by git vulnerable, but the writing was on the wall for SHA-1... I believe this new attack makes git's use a SHA-1 vulnerable... The type/length prefix that prevented the previous attacks from working is not effective against the new attack... Also, the cost of the attack is not great ($45k), considering the recent SolarWinds supply chain attack, being able to smuggle a modified file into a git repo, say an OS's build server, such that the tools don't know the tree is modified is a real problem... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."Received on Tue Dec 29 2020 - 00:19:43 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:26 UTC