| 1 |
Hi Rich, |
| 2 |
|
| 3 |
On 4/6/22, Rich Freeman <rich0@g.o> wrote: |
| 4 |
> On Tue, Apr 5, 2022 at 8:05 PM Sam James <sam@g.o> wrote: |
| 5 |
> Our security fails currently if EITHER SHA2-512 or a hardened version |
| 6 |
> of SHA-1 are defeated. Our top gpg signature is bound to a git commit |
| 7 |
> record by SHA2-512, and the git commit record is bound to everything |
| 8 |
> else in the repository (including the manifest objects) by SHA-1, |
| 9 |
> because git hasn't transitioned away from that (as far as I'm aware it |
| 10 |
> is still a work in progress - the SHA-1 algorithm it uses is hardened |
| 11 |
> against known attacks). |
| 12 |
|
| 13 |
Sort of. The security between infra and users relies on SHA2-512. The |
| 14 |
security between devs and infra relies on SHA-1. I guess the "full |
| 15 |
system" depends on both, but I've been focused on the more likely |
| 16 |
issue of a community-run mirror serving bogus files. |
| 17 |
|
| 18 |
> I agree that this is an unlikely scenario, so it is a judgement call |
| 19 |
> as to whether the ease of recovery in the event of a failure is worth |
| 20 |
> the cost to maintain the second hash. I agree that we'd need double |
| 21 |
> algorithms in the whole stack to prevent a failure, but in the current |
| 22 |
> state we do have advantages for recovering from a failure after the |
| 23 |
> fact. |
| 24 |
> |
| 25 |
> It seems that the likely scenario is that we get advance warning of |
| 26 |
> weaknesses in a hash function, but without a practical exploit being |
| 27 |
> readily available. In that case we could do a more orderly |
| 28 |
> transition. We'd still save time with the double hashed manifests, |
| 29 |
> and whether this makes a difference is hard to say. |
| 30 |
|
| 31 |
Yea I see this argument, but I don't quite buy it. Maintaining two |
| 32 |
sets of hashes for the unlikely event that one gets broken AND we |
| 33 |
absolutely cannot incrementally transition gradually to an unbroken |
| 34 |
one seems rather overblown. |
| 35 |
|
| 36 |
Jason |
Archives