From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pb-smtp2.pobox.com (pb-smtp2.pobox.com [64.147.108.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C74E168D0 for ; Tue, 3 Sep 2024 22:41:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=64.147.108.71 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725403296; cv=none; b=VpDF/dfn0QKyEVyHUys/z7AB62vAkadYeNsn9cMGz4S7s6EqB06IUGruqUZi5xmeVow6p5k1FSyXq6QoB1hlRqkqKe9vKYkwanFMQBz2c6wwblPlBkFkCQ4ygiroNhyvdphpHlRvG0Q0w45cHTz1JY//7xXxj2bdxABL6JffflE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725403296; c=relaxed/simple; bh=YZZ6tT/h31acoEFz+WqL2FlKxY/H285r6nqndGPa2pM=; h=From:To:Cc:Subject:In-Reply-To:References:Date:Message-ID: MIME-Version:Content-Type; b=RqJAMzxHpsCQdobS/TkiPqkCjsoL+eInYCZkhCj0G7axLk4FnXc1tasLBvYbiEKC9D4HEpenfc3p11Tuy7OPNWHiFEpjdTpy9ncpaCMpSSO2RWWYbnB1KLFiOMnf0m7lcQwZpY8hOz2/ONfoNh1xe8IMJYdkt1fEACVD9yZUxiw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=pobox.com; spf=pass smtp.mailfrom=pobox.com; dkim=pass (1024-bit key) header.d=pobox.com header.i=@pobox.com header.b=d2fyBb2t; arc=none smtp.client-ip=64.147.108.71 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=pobox.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pobox.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=pobox.com header.i=@pobox.com header.b="d2fyBb2t" Received: from pb-smtp2.pobox.com (unknown [127.0.0.1]) by pb-smtp2.pobox.com (Postfix) with ESMTP id 37B4F3AB27; Tue, 3 Sep 2024 18:41:33 -0400 (EDT) (envelope-from gitster@pobox.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h=from:to:cc :subject:in-reply-to:references:date:message-id:mime-version :content-type; s=sasl; bh=YZZ6tT/h31acoEFz+WqL2FlKxY/H285r6nqndG Pa2pM=; b=d2fyBb2t2anmYLXCd1leWDDDfFZ3fSzh9abyEbf/1NW3JDKdlnJ+th CZ79N7KnAvM9RkI1/x6mv+cvATeqnnUaRU9pIkYmzoxG7wvj+tBsh6noUiuuSCWp 29T0xc1TH4ACvJoGEvu++oROxeBivMsFpOeg1UpHsCMnQOrw2nNLk= Received: from pb-smtp2.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp2.pobox.com (Postfix) with ESMTP id 2F68B3AB26; Tue, 3 Sep 2024 18:41:33 -0400 (EDT) (envelope-from gitster@pobox.com) Received: from pobox.com (unknown [34.125.94.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pb-smtp2.pobox.com (Postfix) with ESMTPSA id 967663AB25; Tue, 3 Sep 2024 18:41:32 -0400 (EDT) (envelope-from gitster@pobox.com) From: Junio C Hamano To: Taylor Blau Cc: "brian m. carlson" , git@vger.kernel.org, Jeff King , Elijah Newren , Patrick Steinhardt Subject: Re: [PATCH 0/4] hash.h: support choosing a separate SHA-1 for non-cryptographic uses In-Reply-To: (Taylor Blau's message of "Tue, 3 Sep 2024 15:47:39 -0400") References: Date: Tue, 03 Sep 2024 15:41:31 -0700 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain X-Pobox-Relay-ID: AB05A964-6A45-11EF-8373-9B0F950A682E-77302942!pb-smtp2.pobox.com Taylor Blau writes: > But even if the attacker could do all of that, the remote still needs to > index that pack, and while checksumming the pack, it would notice the > collision (or SHA-1 mismatch) and reject the pack by die()-ing either > way. (AFAICT, this all happens in > builtin/index-pack.c::parse_pack_objects()). The hosting side writes a packfile and computes the tail sum once. You force the clients that clone or fetch validate the tail sum. Usually clients outnumber the hoster by large orders of magnitude. That sounds like you are optimizing for a wrong side, but it does point at another aspect of this problem. Even without limiting ourselves to the tail sum, our uses of the hash function fall into two categories, ones that do not have to be overly cautious (i.e., when we are generating data and computing the hash over that data), and the others that we do want to be paranoid (i.e., when we receive check-summed data from outside world and suspect that the data was generated by an adversary).