Re: About git and the use of SHA-1

[Andreas Ericsson <ae@op5.se>]

Russ Dill wrote:
>>  Colliding objects can never enter a repository. Git is lazy and will reuse the
>>  already existing colliding object with the same name instead.
>>
> 
> I think you are missing the point. One of the pluses behind originally
> using SHA-1 and the signed tags is that the system as a whole is
> cryptographically secure. You can verify from the public key of
> whoever made the tag that yes, this really is the source and history
> they tagged. Not only can DNS attacks be made, fooling users into
> thinking that they are really connecting to kernel.org, or whatever
> else server they expect to be connecting to, but also, the server
> itself may be hacked and objects replaced.
> 

If the server is hacked and objects are replaced, they will either
no longer match their cryptographic signature, meaning they'll be
new objects or git will determine that they are corrupt, or they
*will* match an existing object, but then that object won't be
propagated to other repositories since git refuses to overwrite
already existing objects. Either way, gits refusal to overwrite
objects it already has plays a part in making malicious actions
futile, since malicious code is only worth something if it's
propagated and actually used.

> I'm just not sure how much time it would take to find a collision.

Even crypto-experts are arguing about that, so I'm not surprised.

-- 
Andreas Ericsson                   andreas.ericsson@op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231