Gentoo Archives: gentoo-scm

From: Robert Buchholz <rbu@g.o>
To: gentoo-scm@l.g.o
Cc: "Robin H. Johnson" <robbat2@g.o>
Subject: Re: [gentoo-scm] gpg signing of commits, was: Progress summary, 2009/06/01
Date: Tue, 09 Jun 2009 01:50:47
Message-Id: 200906090350.43278.rbu@gentoo.org
In Reply to: Re: [gentoo-scm] gpg signing of commits, was: Progress summary, 2009/06/01 by "Robin H. Johnson"
On Friday 05 June 2009, Robin H. Johnson wrote:
> On Fri, Jun 05, 2009 at 02:59:18PM +0200, Robert Buchholz wrote:
...
> > 2. It is not well designed (cryptographically)
> > OpenGPG allows the usage of a set of cryptographic hash function to
> > sign a document. This allows people to switch to a different
> > function once attacks against one algorithm become known. This has
> > been recently seen with SHA-1:
> > http://www.debian-administration.org/users/dkg/weblog/48
>
> I only stated that we need to offer GPG signing of commits. I did NOT
> specify the content of commits, other than noting that the commit
> message and the content needs to be signed together.

I don't think I understood what you meant to say, sorry. As I understand the current proposal, it would be over the SHA-1 of the objects, the parent and the commit message.

> > The git signing, however, relies on the collision resistance of
> > SHA-1 as that algorithm is used to identify objects in the
> > repository. We cannot migrate away from it easily. This has been
> > discussed upstream at length and Linus pointed out that 'the
> > "signed tags" security does depend on the hashes being
> > cryptographically strong.':
> > http://thread.gmane.org/gmane.comp.version-control.git/26106/focus=26125
>
> The collision is going to come along anyway.
>
> Resigning would have to be done regardless of what we sign in Git.
> Not sure if you followed more recent discussions than one in 2006.
> The entire Git foodchain will suffer when it comes time to migrate
> away from SHA-2. Presently discussions of it imply that it's to be
> done probably as a versioned change, after the NIST hash competition
> comes up with a viable answer.

I have not seen any statements that would indicate they intended to switch ever, do you have a reference? I only found discussions as recent as April 2008. If it will be possible to use one (at that time) stronger hash function, my argument is defeated. I wanted to point out that right now they only support one function that is increasingly weakened, and I have the feeling upstream will only act once collisions become practical, which is -IMHO- too late.

Robert
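
The dependency discussed in this message, as an added example that is not part of the original thread: git names every object by a SHA-1 over a typed header plus its body, and a commit body (the bytes a commit or tag signature ultimately vouches for) refers to file content only through those SHA-1 ids. The file name, author line, parent id and contents below are constructed.

```python
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """SHA-1 over '<kind> <length>\\0<body>', the way git names every object."""
    header = f"{kind} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def tree_body(entries) -> bytes:
    """Serialize (mode, name, blob_id) entries; a child appears only as a raw 20-byte SHA-1."""
    out = b""
    # Byte-wise name order is correct for plain files (directories sort differently).
    for mode, name, oid in sorted(entries, key=lambda e: e[1].encode()):
        out += f"{mode} {name}".encode() + b"\x00" + bytes.fromhex(oid)
    return out

def build_commit(file_bytes: bytes, parent: str, message: str):
    """Return (commit_id, commit_body) for a tree holding one constructed file."""
    who = "Example Dev <dev@example.org> 1244512247 +0000"  # constructed identity
    blob_id = git_object_id("blob", file_bytes)
    tree_id = git_object_id("tree", tree_body([("100644", "example.ebuild", blob_id)]))
    body = (f"tree {tree_id}\nparent {parent}\n"
            f"author {who}\ncommitter {who}\n\n{message}\n").encode()
    return git_object_id("commit", body), body

if __name__ == "__main__":
    parent = "1" * 40  # constructed placeholder parent id
    id_a, body_a = build_commit(b'DESCRIPTION="original"\n', parent, "version bump")
    id_b, body_b = build_commit(b'DESCRIPTION="modified"\n', parent, "version bump")
    print(body_a.decode())
    # The file text never appears in the commit body; only the tree id line changes.
    print("file text present in commit body:", b"original" in body_a)
    print("commit ids differ:", id_a != id_b)
    # A second blob with the same SHA-1 would yield the same tree id and an
    # identical commit body, so a signature over that body could not tell them apart.
```
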

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-scm] gpg signing of commits, was: Progress summary, 2009/06/01 "Robin H. Johnson" <robbat2@g.o>