Re: Gitorious should use CRC128 / 256 / 512 instead of SHA-1

From: Hans Petter Selasky <hps@selasky.org>
To: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Cc: rsbecker@nexbridge.com, git@vger.kernel.org
Subject: Re: Gitorious should use CRC128 / 256 / 512 instead of SHA-1
Date: Fri, 13 Jan 2023 17:44:03 +0100	[thread overview]
Message-ID: <7a51b925-cb0a-4b48-fc14-171006f73298@selasky.org> (raw)
In-Reply-To: <20230113163619.4ab5oyqyjrthxrwv@meerkat.local>

On 1/13/23 17:36, Konstantin Ryabitsev wrote:
> I'm not sure what you mean here, but git is certainly not zero-trust. When you
> clone linux.git from git.kernel.org, you're very much trusting that:
> 
> - I (or members of my team) didn't mess with the repository
> - Linus (or someone who hacked his laptop) didn't mess with the repository
> 
> Git is tamper-evident, not tamper-proof, so by definition it cannot be
> zero-trust.

Hi,

By using a cryptographic hash algorithm, the goal is to avoid tampering 
you say, like tampering on the internet, ISP, cache node and so on. To 
me that's clearly a zero-trust thought. You don't trust the guy(s) that 
put down the infrastructure, neither those that provide that local cache 
for the GIT repository, only the master repository. SHA-1 gives a 
certain confidence, that if you checkout XXXXXXX, then you get a likely 
expected result with reduced possibility of tampering.

Anyone could intercept a CRC protected blob and re-compute the hash and 
send it on. But not a SHA-1 one.

I on the other hand trust the guys that put down the internet and are 
providing the cache nodes for GIT.

It's two different world views.

--HPS