Git Mailing List Archive on lore.kernel.org
 help / color / Atom feed
* SHA-1 chosen-prefix colission attack
@ 2020-01-07 17:31 Kevin Daudt
  2020-01-07 20:31 ` Santiago Torres Arias
  0 siblings, 1 reply; 3+ messages in thread
From: Kevin Daudt @ 2020-01-07 17:31 UTC (permalink / raw)
  To: git

Researchers published new advances in creating collisions in SHA-1
hashes: https://sha-mbles.github.io/

> As a side result, this shows that it now costs less than 100k USD to
> break cryptography with a security level of 64 bits (i.e. to compute
> 264 operations of symmetric cryptography).

Kevin


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: SHA-1 chosen-prefix colission attack
  2020-01-07 17:31 SHA-1 chosen-prefix colission attack Kevin Daudt
@ 2020-01-07 20:31 ` Santiago Torres Arias
  2020-01-08  7:30   ` Jeff King
  0 siblings, 1 reply; 3+ messages in thread
From: Santiago Torres Arias @ 2020-01-07 20:31 UTC (permalink / raw)
  To: Kevin Daudt, git

[-- Attachment #1: Type: text/plain, Size: 425 bytes --]

> > As a side result, this shows that it now costs less than 100k USD to
> > break cryptography with a security level of 64 bits (i.e. to compute
> > 264 operations of symmetric cryptography).

Just to clarify:

    As a stopgap measure, the collision-detection library of Stevens and Shumow [SS17]
    can be used to detect attack attempts (it successfully detects our attack).

At the end of section 7.0,

Cheers
-Santiago

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: SHA-1 chosen-prefix colission attack
  2020-01-07 20:31 ` Santiago Torres Arias
@ 2020-01-08  7:30   ` Jeff King
  0 siblings, 0 replies; 3+ messages in thread
From: Jeff King @ 2020-01-08  7:30 UTC (permalink / raw)
  To: Santiago Torres Arias; +Cc: Kevin Daudt, git

On Tue, Jan 07, 2020 at 03:31:48PM -0500, Santiago Torres Arias wrote:

> > > As a side result, this shows that it now costs less than 100k USD to
> > > break cryptography with a security level of 64 bits (i.e. to compute
> > > 264 operations of symmetric cryptography).
> 
> Just to clarify:
> 
>     As a stopgap measure, the collision-detection library of Stevens and Shumow [SS17]
>     can be used to detect attack attempts (it successfully detects our attack).
> 
> At the end of section 7.0,

And if anyone is curious, you can test your build of Git against their
sample files by running:

  $ t/helper/test-tool sha1 <messageA
  fatal: SHA-1 appears to be part of a collision attack: 8ac60ba76f1999a1ab70223f225aefdc78d4ddc0

Unfortunately you can't test with actual Git objects, because their
chosen-prefixes don't have object headers. They do estimate that a
classical collision is down to ~11k USD to compute, so maybe we'll see
one eventually. :)

-Peff

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-07 17:31 SHA-1 chosen-prefix colission attack Kevin Daudt
2020-01-07 20:31 ` Santiago Torres Arias
2020-01-08  7:30   ` Jeff King

Git Mailing List Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/git/0 git/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 git git/ https://lore.kernel.org/git \
		git@vger.kernel.org
	public-inbox-index git

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.git


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git