From: david@lang.hm
To: Jeff King <peff@peff.net>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
"René Scharfe" <rene.scharfe@lsrfire.ath.cx>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Elia Pinto" <gitter.spiros@gmail.com>,
git@vger.kernel.org, "Scott Chacon" <schacon@gmail.com>,
"Linus Torvalds" <torvalds@linux-foundation.org>
Subject: Re: When Will We See Collisions for SHA-1? (An interesting analysis by Bruce Schneier)
Date: Tue, 16 Oct 2012 11:32:38 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.02.1210161131100.13407@asgard.lang.hm> (raw)
In-Reply-To: <20121016182751.GA30010@sigill.intra.peff.net>
On Tue, 16 Oct 2012, Jeff King wrote:
> On Tue, Oct 16, 2012 at 01:58:06PM -0400, Theodore Ts'o wrote:
>
>> I seem to recall that there was at least some discussion at one point
>> about adding some extra fields to the commit object in a backwards
>> compatible way by adding it after the trailing NUL. We didn't end up
>> doing it, but I could see it being a useful thing nonetheless (for
>> example, we could potentially put the backup SHA-2/SHA-3 pointer there).
>
> I don't see much point in it. If we want to add new backup pointers to
> commit objects, it is very easy to do so by adding new header fields.
>
> A much bigger problem is the other places we reference sha1s. The
> obvious place is trees, which have no room for backup pointers (either
> in headers, or with a NUL trick). But it also means that any time you
> have a sha1 that you arrive at in some other way than traversal from a
> signature, you are vulnerable to attack. E.g., if I record a sha1 in an
> external system, today I can be sure that when I fetch the object for
> that sha1, it is valid (or I can check that it is valid by hashing it).
> With sha1 collisions, I am vulnerable to attack.
If you have two hashes of the same contents (SHA1 and SHA3) and they both
agree that the file has not been tampered with, you should still be in
good shape just using the SHA1 as a reference.
David Lang
next prev parent reply other threads:[~2012-10-16 18:32 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-15 16:42 When Will We See Collisions for SHA-1? (An interesting analysis by Bruce Schneier) Elia Pinto
2012-10-15 17:47 ` Ævar Arnfjörð Bjarmason
2012-10-15 18:09 ` Elia Pinto
2012-10-15 18:34 ` Jeff King
2012-10-15 19:09 ` Elia Pinto
2012-10-15 19:14 ` Jeff King
2012-10-16 11:34 ` René Scharfe
2012-10-16 17:32 ` Jeff King
2012-10-16 17:58 ` Theodore Ts'o
2012-10-16 18:27 ` Jeff King
2012-10-16 18:32 ` david [this message]
2012-10-16 18:54 ` Jeff King
2012-10-16 20:09 ` Junio C Hamano
2012-10-17 8:05 ` Peter Todd
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.02.1210161131100.13407@asgard.lang.hm \
--to=david@lang.hm \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitter.spiros@gmail.com \
--cc=peff@peff.net \
--cc=rene.scharfe@lsrfire.ath.cx \
--cc=schacon@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).