1 |
On Mon, Sep 15, 2014 at 7:02 AM, hasufell <hasufell@g.o> wrote: |
2 |
|
3 |
> hasufell: |
4 |
> > |
5 |
> > * there is no known SHA-1 collision afais |
6 |
> > * calculating one isn't that hard. NSA might be able to do it in |
7 |
> > reasonable time |
8 |
> > * however, the algorithms to do that will come up with random garbage, |
9 |
> > so it's a completely different thing to hide a useful vulnerability |
10 |
> > behind a SHA-1 collision |
11 |
> > |
12 |
> |
13 |
> That said... an attacker who has that much resources to calculate a |
14 |
> _random_ hash collision in reasonable time would certainly have a lot of |
15 |
> easier attack vectors than forging a _non-random_ hash collision that |
16 |
> contains actual working code (which, afaiu doesn't effectively work with |
17 |
> the current attack algorithms on SHA-1). |
18 |
> |
19 |
> He could simply break into one of the ~200 developer computers. There's |
20 |
> a pretty high chance at least one of them is running windows or known |
21 |
> vulnerable versions of the kernel or other random packages. |
22 |
> |
23 |
> No need to waste millions of dollars on SHA-1. |
24 |
> |
25 |
|
26 |
Even if you wanted to burn the money to find that magical collision that |
27 |
actually contains working code, you've still got to somehow propagate that |
28 |
to other repositories, since they'll just ignore it for having the same |
29 |
hash as an already-existing object. |