Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-scm
Navigation:
Lists: gentoo-scm: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-scm@g.o
From: "Robin H. Johnson" <robbat2@g.o>
Subject: Re: gpg signing of commits, was: Progress summary, 2009/06/01
Date: Mon, 8 Jun 2009 19:46:33 -0700
On Tue, Jun 09, 2009 at 03:50:35AM +0200, Robert Buchholz wrote:
> > I only stated that we need to offer GPG signing of commits. I did NOT
> > specify the content of commits, other than noting that the commit
> > message and the content needs to be signed together.
> I don't think I understood what you meant to say, sorry. As I understand 
> the current proposal, it would be over the SHA-1 of the objects, the 
> parent and the commit message.
That's what I'd like it to be over yes.

> I have not seen any statements that would indicate they intended to 
> switch ever, do you have a reference?
I'll dig around for it, it was just in reading the list directly.
There is minimal value in switching to even SHA-512 right now for Git.
The SHA-1 attacks have been extended to the entire SHA family.

> I only found discussions as recent as April 2008. If it will be
> possible to use one (at that time) stronger hash function, my argument
> is defeated. I wanted to point out that right now they only support
> one function that is increasingly weakened, and I have the feeling
> upstream will only act once collisions become practical, which is
> -IMHO- too late.
We're at their mercy already. If you can attack SHA1 and choose the hash
of your malicious content given the only restriction as the file size,
you can insert a file anywhere in the repository already.

All of the attacks thusfar have been chosen plaintext and preimage
attacks. Current state of the art for SHA-1 is 2^52, as announced here:
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
(and I think SHA-512 is around 2^140, weaker than even bruteforce
against SHA-1).

I'd be far more concerned about a user introducing a chosen plaintext
that he already has the attack against.

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail     : robbat2@g.o
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85


References:
Progress summary, 2009/06/01
-- Robin H. Johnson
gpg signing of commits, was: Progress summary, 2009/06/01
-- Robert Buchholz
Re: gpg signing of commits, was: Progress summary, 2009/06/01
-- Robin H. Johnson
Re: gpg signing of commits, was: Progress summary, 2009/06/01
-- Robert Buchholz
Navigation:
Lists: gentoo-scm: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: gpg signing of commits, was: Progress summary, 2009/06/01
Next by thread:
Re: Progress summary, 2009/06/01
Previous by date:
Re: gpg signing of commits, was: Progress summary, 2009/06/01
Next by date:
New hooks for git, was: Progress summary, 2009/06/01


Updated Jun 17, 2009

Summary: Archive of the gentoo-scm mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.