1 |
Kent Fredric posted on Sun, 21 Sep 2014 09:14:36 +1200 as excerpted: |
2 |
|
3 |
> That is to say: without gpg, you can just create some random commit with |
4 |
> some arbitrary content and push it somewhere, and you can pretend you're |
5 |
> a gentoo dev and pretend you're writing commits as them. |
6 |
> |
7 |
> GPG sufficiently prevents that from happening, and takes it from ameteur |
8 |
> grade imposter requirements to NSA grade imposter requirements. And |
9 |
> that's not a bad compromise for being imperfect. |
10 |
|
11 |
I've seen this idea repeated several times in this thread and it bothers |
12 |
me. |
13 |
|
14 |
In practice, gpg doesn't take it to NSA grade, even in theory it might. |
15 |
|
16 |
The problem is this. A gpg signature does *NOT* ensure that the person |
17 |
whose name is attached to a public/private key pair actually did the |
18 |
signature. *ALL* it ensures is that someone with access to the |
19 |
particular private key in question signed the content. |
20 |
|
21 |
Gpg doesn't know or care whether the person with that signing key is who |
22 |
they say they are or not. All it knows/cares is that whoever they are, |
23 |
they have that key. If the person who owned that key didn't keep the |
24 |
private half secure and someone else got ahold of it, game-over. Until |
25 |
it's caught and the key revoked, that person can act with impunity as |
26 |
person-in-possession of that key. |
27 |
|
28 |
Now realistically, gentoo has ~250 devs working in all sorts of different |
29 |
situations. What is the change that NONE of those 250 people EVER lets |
30 |
someone else have access, whether due to letting them borrow the machine |
31 |
and then going to the restroom, or due to loss of laptop in a taxi or |
32 |
something, or due to malware? |
33 |
|
34 |
IIRC the number of folks with kernel.org access was something similarly |
35 |
close to ~250 or so, before someone got their access creds stolen and |
36 |
kernel.org got hacked. |
37 |
|
38 |
And as far as we know, that was *NOT* the NSA. It was just some cracker |
39 |
group wanting access to good network bandwidth for their botnet, and they |
40 |
either didn't realize what they had or didn't know what to do with it |
41 |
once they realized it. |
42 |
|
43 |
Basically, with ~250 devs, we can pretty much must assume that somebody's |
44 |
secret key is compromised at any point in time. We don't know whose and |
45 |
we don't know whether it's even bad guys, not just some innocent that |
46 |
doesn't have the foggiest, and we might get lucky, but someone's key is |
47 |
either compromised at any particular point or relatively soon will be. |
48 |
With 250 devs out there living life, it's foolish to assume otherwise. |
49 |
|
50 |
|
51 |
With 250 devs with signing keys and all of them having access to the |
52 |
entire tree, their humanity is the weak link, not SHA1. SHA1 is a major |
53 |
exercise in unnecessary pain, compared to this weak link. No NSA grade |
54 |
resources needed, and with 250 people out their spinning the roulette |
55 |
wheel of life every day that they aren't going to forget their laptop in |
56 |
a taxi somewhere, it's either already happened or it WILL happen. That's |
57 |
a given. |
58 |
|
59 |
Plus, even the NSA has their Edward Snowdens. Perhaps it won't be some |
60 |
bad guy getting ahold of a key. It's just as likely to be a "good" gentoo |
61 |
dev either turning bad, or never "good" in the first place. |
62 |
|
63 |
So at least from here, all this worry about SHA1 is much ado about |
64 |
nothing. The real worry is elsewhere. Someone's has or will have |
65 |
unauthorized access to a signing key, and once they do it's simply a |
66 |
matter of chance whether they're a bad guy that knows what to do with |
67 |
it. The real question is what systems we have in place to catch that and |
68 |
to stop-loss when we do detect it? Because now or latter, it either has |
69 |
already happened or WILL happen. We'd be foolish to assume anything else. |
70 |
|
71 |
And git's not going to change that one bit. Neither will all the signing |
72 |
and secure hashes in the world. |
73 |
|
74 |
-- |
75 |
Duncan - List replies preferred. No HTML msgs. |
76 |
"Every nonfree program has a lord, a master -- |
77 |
and if you use the program, he is your master." Richard Stallman |