[Cryptography] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers
Jason Cooper
cryptography at lakedaemon.net
Fri Feb 24 11:27:24 EST 2017
One final note:
On Fri, Feb 24, 2017 at 02:56:28AM +0000, Jason Cooper wrote:
...
> Just to be clear, this is now a *real* problem. How long it takes from
> spotting an object of interest to creating a replacement object is the
> critical variable here. The longer it takes to create, the more
> time people have to get a legit copy of the object before the malicious
> one can be injected. Large projects with a plethora of objects (Linux
> Kernel) need to start the timer now. Although, that's tempered by the
> fact that the juiciest targets are the new objects that no one has.
After reading through the git ml thread that Ted already pointed to, the
key piece I was missing last night is that this isn't a chosen-image
attack. e.g. you can't take $valid_commit, modify it, insert/append
some mutate-able garbage, and get $bad_commit where
sha1($valid_commit) == sha1($bad_commit)
is true. Well, not yet. Not with this new attack. But it's much
closer. I'm glad the object_id conversion is already underway. :-)
> /me grumbles because majordomo is ignoring my git ml subscribe
> requests[1]
EBKAC.
thx,
Jason.
More information about the cryptography
mailing list