On Fri, 29 Apr 2005, Tom Lord wrote: > I would expect someone to have on hand a small number of blobs that are > different but have different hashes and, eventually, to drop said files > into a blob-based infrastructure to wreak havoc. This is just ridiculous. The number of known collisions in SHA1 is *exactly zero* at this point in time --- not guaranteed to stay that way, of course, but generating collisions is likely to remain relatively expensive for some time. The collisions are highly structured; they are not just arbitrary blobs. If, after doing your 2^69 work or so to generate a real honest-to-goodness SHA-1 collision, you think an attacker would "DROP THEM IN A REPOSITORY TO CREATE HAVOC"? You'd have to break into the repository, etc, and then you'd find that *NOTHING REFERENCED THEM* and so *ABSOLUTELY NOTHING WOULD HAPPEN*. It's far more likely that SHA1 collisions will be used to generate forged X509 certificates, for a number of highly technical reasons. Git's highly constrained and derided 'brittle' file formats also serve to protect against the collision attacks against SHA-1 which are beginning to look possible. > So: a way to locally mark a given checksum as "controversial" seems > prudent, to me (hence, support for such in my blob-db code/spec). Arguably that's what *upgrades* to the spec might be for -- git has a solid philosophy of not creating 'features' unless it is sure that they are needed/will be used, and I think this is always the wise route in software development. Of much specification comes no code. And, if you actually create a 'flexible' blob-db spec with 'room for expansion' -- congratulations, you've just made yourself more vulnerable to collision attacks. --scott terrorist MI5 SKILLET hack AMLASH security KMPLEBE KUFIRE SCRANTON D5 SLBM LINCOLN KUDESK SMOTH Kojarena Moscow HTAUTOMAT WSBURNT Chechnya ( http://cscott.net/ ) - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.htmlReceived on Sat Apr 30 06:27:18 2005
This archive was generated by hypermail 2.1.8 : 2005-04-30 06:27:48 EST