[Cryptography] Just in case it isn't obvious...
Viktor Dukhovni
cryptography at dukhovni.org
Mon Feb 27 11:34:32 EST 2017
> On Feb 27, 2017, at 7:47 AM, Bill Cox <waywardgeek at gmail.com> wrote:
>
> I found another simple fix for git. I thought it would be really hard, because "SHA1" is a hard-coded call in ~1,000 places. Instead, just define a new function called sha1. I've added a BLAKE2b wrapper locally. It was a tiny change, makes it more secure, and is faster than SHA1.

Please don't. This will not interoperate. The team that announced the break
also announced a reasonably robust fix that interoperates with SHA-1 unless
the digest is vulnerable to the known attack differentials. It detects and
modifies hashes for which a second pre-image can be found using currently
known attacks. The probability of false-positives (accidental rather than
malicious weakness) was reportedly 2^{-90} (~10^{-48}).

Git could adopt the hardened SHA-1 implementation as a stop-gap, and, as Ted
reports, work to adopt newer hashes in an interoperable way. Simply pretending
that Blake2b is SHA-1 is not a productive direction.

--
Viktor.
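
The interoperability problem raised in the reply above, as an added example that is not part of the original thread and is not git's code: git names every object by hashing a `<type> <size>\0` header plus the content, so a client whose `sha1` is really another hash computes different names for the same bytes. The 20-byte BLAKE2b stand-in `sha1_swapped`, the toy `fetch`/`build_store` helpers and the sample objects are assumptions made for illustration.

```python
import hashlib

def git_object_id(kind: bytes, body: bytes, hash_fn) -> str:
    """Git's object name: hash of b"<kind> <size>\\0" followed by the body."""
    header = kind + b" " + str(len(body)).encode() + b"\0"
    return hash_fn(header + body).hexdigest()

def sha1(data: bytes):
    return hashlib.sha1(data)

def sha1_swapped(data: bytes):
    # Assumption: stands in for a local "sha1" wrapper around BLAKE2b,
    # truncated to 20 bytes so it fits wherever a SHA-1 digest is stored.
    return hashlib.blake2b(data, digest_size=20)

def build_store(objects, hash_fn):
    """Toy object database: object ID -> (kind, body)."""
    return {git_object_id(k, b, hash_fn): (k, b) for k, b in objects}

def fetch(store, wanted_id: str, hash_fn) -> str:
    """Receiver side: look the object up by ID, then verify it by re-hashing."""
    raw = store.get(wanted_id)
    if raw is None:
        return "missing"
    kind, body = raw
    return "ok" if git_object_id(kind, body, hash_fn) == wanted_id else "corrupt"

# Constructed sample objects, not taken from any real repository.
OBJECTS = [(b"blob", b""), (b"blob", b"hello world\n")]

def interop_report():
    upstream = build_store(OBJECTS, sha1)          # unmodified peer
    patched = build_store(OBJECTS, sha1_swapped)   # peer with the swapped hash
    return {
        # Patched client requests the IDs it computed for the same content.
        "patched_asks_upstream": [fetch(upstream, oid, sha1_swapped) for oid in patched],
        # Patched client is handed upstream's IDs and verifies what it receives.
        "patched_verifies_upstream": [fetch(upstream, oid, sha1_swapped) for oid in upstream],
        # Unmodified client against the same store, for comparison.
        "stock_verifies_upstream": [fetch(upstream, oid, sha1) for oid in upstream],
    }

if __name__ == "__main__":
    for check, outcome in interop_report().items():
        print(check, outcome)
```
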