| 1 |
Kent Fredric posted on Sun, 21 Sep 2014 09:14:36 +1200 as excerpted: |
| 2 |
|
| 3 |
> That is to say: without gpg, you can just create some random commit with |
| 4 |
> some arbitrary content and push it somewhere, and you can pretend you're |
| 5 |
> a gentoo dev and pretend you're writing commits as them. |
| 6 |
> |
| 7 |
> GPG sufficiently prevents that from happening, and takes it from ameteur |
| 8 |
> grade imposter requirements to NSA grade imposter requirements. And |
| 9 |
> that's not a bad compromise for being imperfect. |
| 10 |
|
| 11 |
I've seen this idea repeated several times in this thread and it bothers |
| 12 |
me. |
| 13 |
|
| 14 |
In practice, gpg doesn't take it to NSA grade, even in theory it might. |
| 15 |
|
| 16 |
The problem is this. A gpg signature does *NOT* ensure that the person |
| 17 |
whose name is attached to a public/private key pair actually did the |
| 18 |
signature. *ALL* it ensures is that someone with access to the |
| 19 |
particular private key in question signed the content. |
| 20 |
|
| 21 |
Gpg doesn't know or care whether the person with that signing key is who |
| 22 |
they say they are or not. All it knows/cares is that whoever they are, |
| 23 |
they have that key. If the person who owned that key didn't keep the |
| 24 |
private half secure and someone else got ahold of it, game-over. Until |
| 25 |
it's caught and the key revoked, that person can act with impunity as |
| 26 |
person-in-possession of that key. |
| 27 |
|
| 28 |
Now realistically, gentoo has ~250 devs working in all sorts of different |
| 29 |
situations. What is the change that NONE of those 250 people EVER lets |
| 30 |
someone else have access, whether due to letting them borrow the machine |
| 31 |
and then going to the restroom, or due to loss of laptop in a taxi or |
| 32 |
something, or due to malware? |
| 33 |
|
| 34 |
IIRC the number of folks with kernel.org access was something similarly |
| 35 |
close to ~250 or so, before someone got their access creds stolen and |
| 36 |
kernel.org got hacked. |
| 37 |
|
| 38 |
And as far as we know, that was *NOT* the NSA. It was just some cracker |
| 39 |
group wanting access to good network bandwidth for their botnet, and they |
| 40 |
either didn't realize what they had or didn't know what to do with it |
| 41 |
once they realized it. |
| 42 |
|
| 43 |
Basically, with ~250 devs, we can pretty much must assume that somebody's |
| 44 |
secret key is compromised at any point in time. We don't know whose and |
| 45 |
we don't know whether it's even bad guys, not just some innocent that |
| 46 |
doesn't have the foggiest, and we might get lucky, but someone's key is |
| 47 |
either compromised at any particular point or relatively soon will be. |
| 48 |
With 250 devs out there living life, it's foolish to assume otherwise. |
| 49 |
|
| 50 |
|
| 51 |
With 250 devs with signing keys and all of them having access to the |
| 52 |
entire tree, their humanity is the weak link, not SHA1. SHA1 is a major |
| 53 |
exercise in unnecessary pain, compared to this weak link. No NSA grade |
| 54 |
resources needed, and with 250 people out their spinning the roulette |
| 55 |
wheel of life every day that they aren't going to forget their laptop in |
| 56 |
a taxi somewhere, it's either already happened or it WILL happen. That's |
| 57 |
a given. |
| 58 |
|
| 59 |
Plus, even the NSA has their Edward Snowdens. Perhaps it won't be some |
| 60 |
bad guy getting ahold of a key. It's just as likely to be a "good" gentoo |
| 61 |
dev either turning bad, or never "good" in the first place. |
| 62 |
|
| 63 |
So at least from here, all this worry about SHA1 is much ado about |
| 64 |
nothing. The real worry is elsewhere. Someone's has or will have |
| 65 |
unauthorized access to a signing key, and once they do it's simply a |
| 66 |
matter of chance whether they're a bad guy that knows what to do with |
| 67 |
it. The real question is what systems we have in place to catch that and |
| 68 |
to stop-loss when we do detect it? Because now or latter, it either has |
| 69 |
already happened or WILL happen. We'd be foolish to assume anything else. |
| 70 |
|
| 71 |
And git's not going to change that one bit. Neither will all the signing |
| 72 |
and secure hashes in the world. |
| 73 |
|
| 74 |
-- |
| 75 |
Duncan - List replies preferred. No HTML msgs. |
| 76 |
"Every nonfree program has a lord, a master -- |
| 77 |
and if you use the program, he is your master." Richard Stallman |
Archives