| 1 |
On Mon, Sep 15, 2014 at 7:02 AM, hasufell <hasufell@g.o> wrote: |
| 2 |
|
| 3 |
> hasufell: |
| 4 |
> > |
| 5 |
> > * there is no known SHA-1 collision afais |
| 6 |
> > * calculating one isn't that hard. NSA might be able to do it in |
| 7 |
> > reasonable time |
| 8 |
> > * however, the algorithms to do that will come up with random garbage, |
| 9 |
> > so it's a completely different thing to hide a useful vulnerability |
| 10 |
> > behind a SHA-1 collision |
| 11 |
> > |
| 12 |
> |
| 13 |
> That said... an attacker who has that much resources to calculate a |
| 14 |
> _random_ hash collision in reasonable time would certainly have a lot of |
| 15 |
> easier attack vectors than forging a _non-random_ hash collision that |
| 16 |
> contains actual working code (which, afaiu doesn't effectively work with |
| 17 |
> the current attack algorithms on SHA-1). |
| 18 |
> |
| 19 |
> He could simply break into one of the ~200 developer computers. There's |
| 20 |
> a pretty high chance at least one of them is running windows or known |
| 21 |
> vulnerable versions of the kernel or other random packages. |
| 22 |
> |
| 23 |
> No need to waste millions of dollars on SHA-1. |
| 24 |
> |
| 25 |
|
| 26 |
Even if you wanted to burn the money to find that magical collision that |
| 27 |
actually contains working code, you've still got to somehow propagate that |
| 28 |
to other repositories, since they'll just ignore it for having the same |
| 29 |
hash as an already-existing object. |
Archives