On Tue, Jun 09, 2009 at 03:50:35AM +0200, Robert Buchholz wrote:
> > I only stated that we need to offer GPG signing of commits. I did NOT
> > specify the content of commits, other than noting that the commit
> > message and the content need to be signed together.
> I don't think I understood what you meant to say, sorry. As I understand
> the current proposal, it would be over the SHA-1 of the objects, the
> parent and the commit message.
That's what I'd like it to be over, yes.

> I have not seen any statements that would indicate they intended to
> switch ever, do you have a reference?
I'll dig around for it, it was just in reading the list directly.
There is minimal value in switching to even SHA-512 right now for Git.
The SHA-1 attacks have been extended to the entire SHA family.

> I only found discussions as recent as April 2008. If it will be
> possible to use one (at that time) stronger hash function, my argument
> is defeated. I wanted to point out that right now they only support
> one function that is increasingly weakened, and I have the feeling
> upstream will only act once collisions become practical, which is
> -IMHO- too late.
We're at their mercy already. If you can attack SHA1 and choose the hash
of your malicious content given the only restriction as the file size,
you can insert a file anywhere in the repository already.

All of the attacks thus far have been chosen plaintext and preimage
attacks. Current state of the art for SHA-1 is 2^52, as announced here:
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
(and I think SHA-512 is around 2^140, weaker than even brute force
against SHA-1).

I'd be far more concerned about a user introducing a chosen plaintext
that he already has the attack against.

--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : robbat2@g.o
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
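
Added illustration, not part of the original message: a sketch of the bytes a commit signature "over the SHA-1 of the objects, the parent and the commit message" would cover, built with Git's object hashing. The file name, identity string and all-zero parent id are constructed sample values, and the tree helper assumes a flat tree of plain files.

```python
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """Git object id: SHA-1 over '<kind> <length>' + NUL, followed by the body."""
    header = f"{kind} {len(body)}".encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()

def tree_body(entries) -> bytes:
    """entries: (mode, name, hex id). Each is stored as 'mode name' + NUL + raw 20-byte id.
    Sorting by name is only correct for a flat tree of files (assumption)."""
    return b"".join(
        f"{mode} {name}".encode() + b"\0" + bytes.fromhex(oid)
        for mode, name, oid in sorted(entries, key=lambda e: e[1])
    )

def commit_body(tree_id: str, parent_ids, ident: str, message: str) -> bytes:
    """Commit object body: tree id, parent ids, identities, blank line, message."""
    lines = [f"tree {tree_id}"]
    lines += [f"parent {p}" for p in parent_ids]
    lines += [f"author {ident}", f"committer {ident}", "", message]
    return "\n".join(lines).encode()

# Constructed sample values, not taken from any real repository.
IDENT = "Example Dev <dev@example.org> 1244512235 +0000"
PARENT = "0" * 40  # placeholder parent commit id

def signed_payload(file_content: bytes, message: str) -> bytes:
    """Bytes a signature over the commit would cover for a one-file tree."""
    blob_id = git_object_id("blob", file_content)
    tree_id = git_object_id("tree", tree_body([("100644", "hello.txt", blob_id)]))
    return commit_body(tree_id, [PARENT], IDENT, message)

if __name__ == "__main__":
    a = signed_payload(b"hello world\n", "Add greeting\n")
    b = signed_payload(b"hello w0rld\n", "Add greeting\n")
    print(a.decode())
    # File bytes never appear in the payload; they are bound only through
    # the blob id -> tree id chain, so the signature is as strong as SHA-1.
    print("payload changes with content:", a != b)
```

The signature binds the file contents only through the chain of SHA-1 ids, so two blobs with the same id would yield the same payload and the same valid signature.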