List Archive: gentoo-scm
On Friday 05 June 2009, Robin H. Johnson wrote:
> On Fri, Jun 05, 2009 at 02:59:18PM +0200, Robert Buchholz wrote:
...
> > 2. It is not well designed (cryptographically)
> > OpenGPG allows the usage of a set of cryptographic hash function to
> > sign a document. This allows people to switch to a different
> > function once attacks against one algorithm become known. This has
> > been recently seen with SHA-1:
> > http://www.debian-administration.org/users/dkg/weblog/48
>
> I only stated that we need to offer GPG signing of commits. I did NOT
> specify the content of commits, other than noting that the commit
> message and the content needs to be signed together.
I don't think I understood what you meant to say, sorry. As I understand
the current proposal, it would be over the SHA-1 of the objects, the
parent and the commit message.
> > The git signing, however, relies on the collision resistance of
> > SHA-1 as that algorithm is used to identify objects in the
> > repository. We cannot migrate away from it easily. This has been
> > discussed upstream at length and Linus pointed out that 'the
> > "signed tags" security does depend on the hashes being
> > cryptographically strong.':
> > http://thread.gmane.org/gmane.comp.version-control.git/26106/focus=
> >26125
>
> The collision is going to come along anyway.
>
> Resigning would have to be done regardless of what we sign in Git.
> Not sure if you followed more recent discussions than one in 2006.
> The entire Git foodchain will suffer when it comes time to migrate
> away from SHA-2. Presently discussions of it imply that it's to be
> done probably as a versioned change, after the NIST hash competition
> comes up with a viable answer.
I have not seen any statements that would indicate they intended to
switch ever, do you have a reference? I only found discussions as
recent as April 2008. If it will be possible to use one (at that time)
stronger hash function, my argument is defeated. I wanted to point out
that right now they only support one function that is increasingly
weakened, and I have the feeling upstream will only act once collisions
become practical, which is -IMHO- too late.
Robert
|
| Attachment: |
|
signature.asc (This is a digitally signed message part.)
|
| Replies: |
Re: gpg signing of commits, was: Progress summary, 2009/06/01
-- Robin H. Johnson
|
| References: |
Progress summary, 2009/06/01
-- Robin H. Johnson
|
gpg signing of commits, was: Progress summary, 2009/06/01
-- Robert Buchholz
|
Re: gpg signing of commits, was: Progress summary, 2009/06/01
-- Robin H. Johnson
|
| Navigation: |
|
Lists:
gentoo-scm:
< Prev
By Thread
Next >
< Prev
By Date
Next >
|
| Previous by thread: |
| Re: gpg signing of commits, was: Progress summary, 2009/06/01 |
| Next by thread: |
| Re: gpg signing of commits, was: Progress summary, 2009/06/01 |
| Previous by date: |
| Re: Progress summary, 2009/06/01 |
| Next by date: |
| Re: gpg signing of commits, was: Progress summary, 2009/06/01 |
|
