[Cryptography] SHA1 collisions make Git vulnerable to attacks by third-parties, not just repo maintainers

Peter Todd pete at petertodd.org
Thu Feb 23 20:16:47 EST 2017


On Fri, Feb 24, 2017 at 12:46:44AM -0000, John Levine wrote:
> In article <20170223181409.GA6085 at savin.petertodd.org> you write:
> >Concretely, I could prepare a pair of files with the same SHA1 hash, taking
> >into account the header that Git prepends when hashing files.
> 
> The Google blog post describes what they did, and mentioned that it
> used upward of 6500 CPU-years to create.  So while I agree that the
> collision is real, and github should switch to better hashes ASAP, I'm
> not too worried about an immediate blizzard of fake source code.

Google also mentions it only took 110 years of single-GPU computations - that's
a lot more feasible...


I personally had to tell a client recently that they could not use Git for a
proposed auditing application as the data they were committing to in their Git
repo would be sufficiently valuable as to make creating a hash collision
worthwhile. Specifically, this was a case where you might want to commit to two
contradictory audit records, as you wouldn't know in advance *which* of the two
records would be the one you'd want to give to the auditors.

In that case, I assumed an attack would cost about $100k

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
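
Added example, not part of the original message: how Git frames a file before hashing it (the "blob <size>\0" header referred to above), and an audit-record check that does not rest on SHA-1 alone. The names commit_record and verify_record and the sample records are constructed for illustration; pairing the Git id with a SHA-256 digest over the same framing is an assumption of this sketch, not something the thread proposes.

```python
import hashlib


def git_blob_digest(content: bytes, algo: str = "sha1") -> str:
    """Hash content as Git hashes a file: b'blob <size>\\0' + content."""
    header = b"blob " + str(len(content)).encode("ascii") + b"\x00"
    return hashlib.new(algo, header + content).hexdigest()


def commit_record(content: bytes) -> dict:
    """Commitment to one audit record: the Git SHA-1 blob id, plus a
    SHA-256 digest over the same framed bytes (assumed hardening)."""
    return {
        "git_sha1": git_blob_digest(content, "sha1"),
        "sha256": git_blob_digest(content, "sha256"),
    }


def verify_record(content: bytes, commitment: dict) -> bool:
    """Accept a presented record only if BOTH digests match.

    Checking git_sha1 alone is the check a SHA-1 collision pair would
    pass for either record; the SHA-256 digest is what binds the
    committer to one of them."""
    return commit_record(content) == commitment


if __name__ == "__main__":
    # Constructed sample records, for illustration only.
    filed = b"2017-02-23 ledger balance: 100\n"
    other = b"2017-02-23 ledger balance: 900\n"

    commitment = commit_record(filed)
    print("git blob id :", commitment["git_sha1"])
    print("raw sha1    :", hashlib.sha1(filed).hexdigest())
    print("filed ok    :", verify_record(filed, commitment))
    print("other ok    :", verify_record(other, commitment))
```

The blob id differs from the plain SHA-1 of the file because the header, including the length, is part of the hashed input; git_blob_digest(data) returns the same value as `git hash-object` for the same bytes.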