Re: [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Ted Ts'o <tytso@mit.edu>
To: Jeff King <peff@peff.net>
Cc: "Junio C Hamano" <gitster@pobox.com>,
	"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
	"Git Mailing List" <git@vger.kernel.org>
Subject: Re: [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits
Date: Thu, 20 Oct 2011 09:14:55 -0400	[thread overview]
Message-ID: <20111020131454.GB7464@thunk.org> (raw)
In-Reply-To: <20111020071356.GA14945@sigill.intra.peff.net>

On Thu, Oct 20, 2011 at 03:13:56AM -0400, Jeff King wrote:
> It's not that the commit is bad or the source of problems. My point is
> that the assumption that commit messages are NUL-terminated has been
> there for a really long time, so there are lots of spots in the code
> that sloppily run string functions on them. Every one of those needs to
> be found and fixed (e.g., I remember seeing this in
> for-each-ref.c:find_subpos recently).

Another possibility is to warn if the commit messages are not NULL
terminated.  Note though that if we're really worried about a bad guy
trying to attack us with a hash collision, he/she could always use
"invisible" non-printing characters in the commit message, and/or just
mess with one or both of the timestamps.  The more bits and more
degrees of flexibility the attacker has, the easier it would be, of
course.  In the grand scheme of things it's not clear to me how big of
a deal this would be.

If people were really concerned it would probably be easier to use
backup crypto checksum using something stronger (say, SHA-2 or the
eventual SHA-3).  Just store the backup checksums of the parent
commitments in some backwardly compatible place that old git
implementations wouldn't look (say, after the NULL in the commit
message if there isn't a better place :-), and new implementations
would know to generate the checksums, and old implementations would
ignore it.

That way, if anyone *does* figure out a way to generate real hash
collisions with SHA1 of objects that look almost completely identical
to the original objects, new implementations that would gradually make
their way out to the field could verify the SHA-2 (or SHA-3, when it
is announced, assuming that we the tag the checksums with a type
identifier) checksums and notice that they are not correct.

Maybe someone's already thought of this, but the cool thing about this
idea is it's a way that we can upgrade to a stronger hash algorithm
without needing a flag day due to some kind of incompatible format
change; we keep using SHA1 for the user-visible hash, since it's fine
modulo intentional attacks, and then use a hidden, backup checksum
which can be checked either all the time, or if that turns out to be a
computational burden, at some configurable random percent of the time.

Anyway, just a thought....

	      	      	     		   	  - Ted

next prev parent reply	other threads:[~2011-10-20 13:15 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-10-19 18:03 [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits Ævar Arnfjörð Bjarmason
2011-10-19 19:01 ` Jeff King
2011-10-19 19:38   ` Jeff King
2011-10-20  2:51     ` Jeff King
2011-10-20  4:15       ` Kyle Moffett
2011-10-20  4:25         ` Jeff King
2011-10-20  4:27         ` Junio C Hamano
2011-10-20  4:32           ` Kyle Moffett
2011-10-24 20:47       ` Jeff King
2011-10-20  4:31     ` Junio C Hamano
2011-10-20  4:34       ` Jeff King
2011-10-20  6:57         ` Junio C Hamano
2011-10-20  7:13           ` Jeff King
2011-10-20 13:14             ` Ted Ts'o [this message]
2011-10-20 15:56               ` Jeff King
2011-10-25 22:35                 ` Drew Northup
2011-10-20 18:36             ` Re* " Junio C Hamano
2011-10-20 19:00               ` Jeff King
2011-10-20  7:27           ` Nguyen Thai Ngoc Duy
2011-10-20  9:14       ` Nguyen Thai Ngoc Duy
2011-10-20 15:44         ` Jeff King
2011-10-20  9:38   ` Mikael Magnusson
2011-10-20 13:44     ` Elijah Newren
2011-10-19 22:09 ` Jonathan Nieder

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20111020131454.GB7464@thunk.org \
    --to=tytso@mit.edu \
    --cc=avarab@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=peff@peff.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).