From: "Geoffrey Irving" <irving@naml.us>
To: "Daniel Barkalow" <barkalow@iabervon.org>
Cc: "Nicolas Pitre" <nico@cam.org>, "Andreas Ericsson" <ae@op5.se>,
"Dmitry Potapov" <dpotapov@gmail.com>,
"Henrik Austad" <henrikau@orakel.ntnu.no>,
git@vger.kernel.org
Subject: Re: About git and the use of SHA-1
Date: Tue, 29 Apr 2008 13:31:51 -0700
Message-ID: <7f9d599f0804291331v2f44bee1y29c1580d68a3107a@mail.gmail.com>
In-Reply-To: <alpine.LNX.1.00.0804291410340.19665@iabervon.org>

On Tue, Apr 29, 2008 at 11:41 AM, Daniel Barkalow <barkalow@iabervon.org> wrote:
> On Tue, 29 Apr 2008, Geoffrey Irving wrote:
>
> > On Tue, Apr 29, 2008 at 10:55 AM, Nicolas Pitre <nico@cam.org> wrote:
> > > On Tue, 29 Apr 2008, Geoffrey Irving wrote:
> > >
> > >
> > > > Sorry for the confusion: it would be handwaving if I was saying git was insecure,
> > > > but I'm not. I'm saying that if or when SHA1 becomes vulnerable to collision
> > > > attacks, git will be insecure.
> > >
> > > Right. And if or when that happens then we'll make Git secure again
> > > with a different hash. In the meantime there is low return for the
> > > effort involved.
> >
> > Yes. I wasn't trying to advocate switching, just making sure people
> > know that the "collisions don't matter" argument is bogus.
>
> It's bogus to say they completely don't matter, but I still claim that
> they don't matter for the things people actually care about. If people can
> generate collisions, they can commit a "weak" blob with a conditional that
> can be switched by replacing the blob. But it's almost always true that
> people could commit a blob with a conditional that can be switched by
> something else under the attacker's more direct control. Using a better
> hash function won't save you from a document like:
>
>     if (getdate() < 2009)
>         render_good_text
>     else
>         render_evil_text
>
> even if it does help with:
>
>     if (AA == AA)
>         render_good_text
>     else
>         render_evil_text
>
> If you're not checking your files for the former, you shouldn't worry
> about the latter, because the former is much easier and more subtle.

I sincerely hope that pdf/postscript don't allow the internal
rendering code to branch based on the current date. That would be an
absurd security hole, and would indeed make you entirely correct. If
you actually know that it is possible to write that in postscript, I
would very much want to see an example.

In any case, in a binary document format that isn't insane (examples
of these at least include black and white .png images of documents), a
visual check of the content is sufficient to ensure that the next
person who looks at it will see roughly the same visual content. Git
should be (and currently is) a secure method of transferring sane
binary documents.

Geoffrey