[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: git & Debian packaging sprint report


On July 15, 2019 8:50:48 PM UTC, Russ Allbery <rra@debian.org> wrote:
>Ansgar Burchardt <ansgar@debian.org> writes:
>
>> SHA-1 isn't going to get stronger in the future.  The TLS world has
>> already moved on, OpenPGP is still in the slow process to move on,
>> Release/Packages stopped using it[1], there is no reason to continue
>> using it.
>
>Well, the reason to continue using it is that Git uses it and we use
>Git,
>and it may simplify the workflow.
>
>You're not wrong, of course, but preimage attacks are very hard.  MD5
>is
>still probably robust against preimage attacks, let alone SHA-1.  By
>all
>means, let's future-proof as much as possible, but I'm not sure
>worrying
>about SHA-1 preimage resistance is the most important design principle
>in
>this case.  At some point, Git itself will switch away from SHA-1, and
>we
>can then obviously follow.
...
Except that we have different requirements than git.  Git isn't looking for security properties from SHA-1, so it's highly likely it'll meet their accident avoidance requirements long after it's no longer appropriate for security related assertions.

I don't think adding more SHA-1 in a security sensitive context is a good plan.

Scott K
Reply to: