[Cryptography] Just in case it isn't obvious...

Viktor Dukhovni cryptography at dukhovni.org
Mon Feb 27 11:34:32 EST 2017

> On Feb 27, 2017, at 7:47 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> I found another simple fix for git.  I thought it would be really hard, because "SHA1" is a hard-coded call in ~1,000 places.  Instead, just define a new function called sha1.  I've added a BLAKE2b wrapper locally.  It was a tiny change, makes it more secure, and is faster than SHA1.

Please don't.  This will not interoperate.  The team that announced the break
also announced a reasonably robust fix that interoperates with SHA-1 unless
the digest is vulnerable to the known attack differentials.  It detects and
modifies hashes for which a second pre-image can be found using currently
known attacks.  The probability of false-positives (accidental rather than
malicious weakness) was reportedly 2^{-90} (~10^{-48}).

Git could adopt the hardened SHA-1 implementation as a stop-gap, and as Ted
reports work to adopt newer hashes in an interoperable way.  Simply pretending
that Blake2b is SHA-1 is not a productive direction.
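To make the interoperability point concrete, here is a small added example (my illustration, not code from git, from the hardened SHA-1 library, or from either poster). Git names every object by the digest of the bytes "<type> <size>\0<payload>", so a client that silently computes that digest with a different function produces different object names for the same content and can no longer resolve anything an existing SHA-1 repository or remote refers to. The BLAKE2b variant is truncated to 20 bytes here purely as a hypothetical choice, so that the two ids at least have the same length; the "remote store" is a constructed in-memory dict standing in for a real repository.

```python
import hashlib

# Git's on-disk and on-wire object identity is the digest of the header
# "<type> <size>\0" followed by the object payload.
def git_object_bytes(obj_type: str, payload: bytes) -> bytes:
    return b"%s %d\x00" % (obj_type.encode("ascii"), len(payload)) + payload


def sha1_object_id(obj_type: str, payload: bytes) -> str:
    # Plain SHA-1 as git uses it today.  Note that hashlib.sha1 performs no
    # collision detection; the hardened implementation discussed in the thread
    # is a separate library that wraps the compression function.
    return hashlib.sha1(git_object_bytes(obj_type, payload)).hexdigest()


def blake2b_object_id(obj_type: str, payload: bytes) -> str:
    # Hypothetical "drop-in" replacement: BLAKE2b truncated to SHA-1's 20-byte
    # output so that the 40-hex id still fits wherever git expects one.
    return hashlib.blake2b(git_object_bytes(obj_type, payload),
                           digest_size=20).hexdigest()


def build_sha1_store(objects):
    """Constructed stand-in for an existing SHA-1 repository: id -> bytes."""
    return {sha1_object_id(t, p): git_object_bytes(t, p) for t, p in objects}


def resolve(store, obj_type, payload, id_func):
    """Look an object up by the id a client using id_func would compute.

    Returns the stored bytes, or None when the client's name for the object is
    unknown to the store (the interoperability failure).
    """
    return store.get(id_func(obj_type, payload))


def interop_report(objects):
    """For each object, does a BLAKE2b client find it in a SHA-1 store?"""
    store = build_sha1_store(objects)
    return {
        sha1_object_id(t, p): resolve(store, t, p, blake2b_object_id) is not None
        for t, p in objects
    }


if __name__ == "__main__":
    # Constructed sample objects; the SHA-1 ids match `git hash-object`.
    sample = [("blob", b""), ("blob", b"hello\n"), ("tree", b"")]
    for t, p in sample:
        print(t, sha1_object_id(t, p), blake2b_object_id(t, p))
    print(interop_report(sample))
```

Every entry of `interop_report` comes back `False`: the SHA-1 names are the ones every existing clone, remote and signed tag carry, and a client that computes names with BLAKE2b cannot match a single one of them. That is the sense in which "just define a new sha1" does not interoperate, independent of how fast or strong the replacement hash is.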

