[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security review of tag2upload

Marco d'Itri <md@Linux.IT> writes:
> simon@josefsson.org wrote:

>> Can this be substantiated?  Using SHA1CD in Git does not necessarily
>> mean someone cannot manually create a Git repository with a colliding
>> git commit somewhere in the history that gets accepted by git, and
>> allows someone to replace actual file contents.  That may be the case,
>> but I haven't seen any detailed analysis answering that.

> This is quite a strong assertion, and it is up to you to prove it.  The
> current consensus among cryptography experts is that SHA-1 is still
> resistant to preimage attacks.

The attack that Simon is talking about doesn't require a preimage attack,
only a successful collision attack against Git trees using SHAttered plus
some assumptions about where Git may be lazy about revalidating hashes.
It's an interesting point that I didn't think of, although I'm not sure
that it would work against GitLab and thus against Salsa and I think it's
fairly trivial to protect against regardless.  I'm working on a longer
response; I needed to do a bit of research first.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>
Reply to: