[Cryptography] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers
Peter Todd
pete at petertodd.org
Thu Feb 23 21:53:37 EST 2017
On Thu, Feb 23, 2017 at 09:27:45PM -0500, William Muriithi wrote:
> Hi Peter,
>
> > I personally had to tell a client recently that they could not use Git for a
> > proposed auditing application as the data they were committing to in their Git
> > repo would be sufficiently valuable as to make creating a hash collission
> > worthwhile. Specifically, this was a case where you might want to commit to two
> > contradictory audit records, as you wouldn't know in advance *which* of the two
> > records would be the one you'd want to give to the auditors.
> >
> > In that case, I assumed an attack would cost about $100k
> >
> I agree with you here. We are looking for SCM to replace subversion
> and between perforce and git, git do far better job as far as security
> is concerned.
>
> What are you recommending to your clients? Would be grateful for that
> info as we evaluate it usage.
I don't have a recommendation yet actually; for that particular client it was
feasible to recommend that we add our own custom re-hashing solution to
existing Git infrastructure, but there's not yet a general replacement for what
Git does with secure cryptography as far as I know.
Earlier today we discussed this issue in the Bitcoin Core IRC meeting, and the
best recommendation was that I'd take a look at extending my OpenTimestamps git
support(1) to also rehash Git history; when timestamping Git trees
OpenTimestamps already rehashes them with SHA256 so as to avoid depending on
SHA1.
You also should look at git-evtag(2), which computes SHA512 hashes over git
repos (but doesn't do timestamping).
1) https://petertodd.org/2016/opentimestamps-git-integration
2) https://github.com/cgwalters/git-evtag
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170223/855cf03b/attachment.sig>
More information about the cryptography
mailing list