[Cryptography] Google announces practical SHA-1 collision attack

Tom Mitchell mitch at niftyegg.com
Tue Feb 28 17:46:39 EST 2017 

On Mon, Feb 27, 2017 at 6:27 AM, Perry E. Metzger <perry at piermont.com>
wrote:

> On Mon, 27 Feb 2017 08:57:23 +0000
> Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> > Nikita Borisov <nikita at illinois.edu> writes:
> >
> > >The cost estimates were around $500K at normal EC2 prices and
>
....

> > Lots of organisations, and even individuals, can scrape together that
> > sort of money, but "resources" is more than just finding the money,
>
.....

>
> So, as it happens, I know some organizations which have a definite
> reason to worry about SHA-1 collisions being possible in this price
> range.

....

> The other problem here, of course, is that as we've found out over and
> over again in this business, merely because the average user of your
> software or protocol is just protecting their grocery list doesn't
> mean that someone with real risk isn't also going to use your
> software.


This use of something in unintended ways is interesting.

In the context of GIT we are talking about a massive distributed
filesystem and SHA-1 based file system metadata.

Filesystems need to store data reliability and also be resilient to
disruptions and more.

A GIT system or a distributed and mirrored tree of package distributions
must correctly validate the file or collection of files.   It must also
recover when
an error is discovered.
It is not turtles all the way down.  Some layers have risks.   IIRC FCOE
(fibre channel
over ethernet) does not sit on a reliable data transfer layer.

This tells me that the replacement of SHA-1 in GIT also needs to
address all the  issues of a file system this large.  A malicious SHA-1
collision is just part of the system that needs attention.

Error detection and correction ECC needs to be end to end.
Redundancy and mirroring need attention.
Recovery should be reliable and nearly transparent.
Versioning design needs to understand why business loved VMS and
other systems.  Encryption, security and audit needs should not be blocked
by design.

Bigger than a bread box problem.

-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170228/4510db6c/attachment.html>

More information about the cryptography mailing list