From: ankostis <ankostis@gmail.com>
To: Jason Cooper <git@lakedaemon.net>
Cc: Ian Jackson <ijackson@chiark.greenend.org.uk>,
Joey Hess <id@joeyh.name>,
git@vger.kernel.org
Subject: Re: SHA1 collisions found
Date: Sun, 26 Feb 2017 00:22:10 +0100 [thread overview]
Message-ID: <CA+dhYEUTZMLKfBXSHU61qx5i9P6a0muUcyAvnNKzc=_E5-z7wA@mail.gmail.com> (raw)
In-Reply-To: <20170224172335.GG11350@io.lakedaemon.net>
On 24 February 2017 at 18:23, Jason Cooper <git@lakedaemon.net> wrote:
> Hi Ian,
>
> On Fri, Feb 24, 2017 at 03:13:37PM +0000, Ian Jackson wrote:
>> Joey Hess writes ("SHA1 collisions found"):
>> > https://shattered.io/static/shattered.pdf
>> > https://freedom-to-tinker.com/2017/02/23/rip-sha-1/
>> >
>> > IIRC someone has been working on parameterizing git's SHA1 assumptions
>> > so a repository could eventually use a more secure hash. How far has
>> > that gotten? There are still many "40" constants in git.git HEAD.
>>
>> I have been thinking about how to do a transition from SHA1 to another
>> hash function.
>>
>> I have concluded that:
>>
>> * We can should avoid expecting everyone to rewrite all their
>> history.
>
> Agreed.
>
>> * Unfortunately, because the data formats (particularly, the commit
>> header) are not in practice extensible (because of the way existing
>> code parses them), it is not useful to try generate new data (new
>> commits etc.) containing both new hashes and old hashes: old
>> clients will mishandle the new data.
>
> My thought here is:
>
> a) re-hash blobs with sha256, hardlink to sha1 objects
> b) create new tree objects which are mirrors of each sha1 tree object,
> but purely sha256
> c) mirror commits, but they are also purely sha256
> d) future PGP signed tags would sign both hashes (or include both?)
IMHO that is a great idea that needs more attention.
You get to keep 2 or more hash-functions for extra security in a PQ world.
And to keep sketches for the future so far,
SHA-3 must be always one of the new hashes.
Actually, you can get rid of SHA-1 completely, and land on Linus's
current sketches for the way ahead.
Thanks,
Kostis
>
> Which would end up something like:
>
> .git/
> \... #usual files
> \objects
> \ef
> \3c39f7522dc55a24f64da9febcfac71e984366
> \objects-sha2_256
> \72
> \604fd2de5f25c89d692b01081af93bcf00d2af34549d8d1bdeb68bc048932
> \info
> \...
> \info-sha2_256
> \refs #uses sha256 commit identifiers
>
> Basically, keep the sha256 stuff out of the way for legacy clients, and
> new clients will still be able to use it.
>
> There shouldn't be a need to re-sign old signed tags if the underlying
> objects are counter-hashed. There might need to be some transition
> info, though.
>
> Say a new client does 'git tag -v tags/v3.16' in the kernel tree. I would
> expect it to check the sha1 hashes, verify the PGP signed tag, and then
> also check the sha256 counter-hashes of the relevant objects.
>
> thx,
>
> Jason.
next prev parent reply other threads:[~2017-02-25 23:22 UTC|newest]
Thread overview: 136+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-23 16:43 SHA1 collisions found Joey Hess
2017-02-23 17:00 ` David Lang
2017-02-23 17:02 ` Junio C Hamano
2017-02-23 17:12 ` David Lang
2017-02-23 20:49 ` Jakub Narębski
2017-02-23 20:57 ` Jeff King
2017-02-23 17:18 ` Junio C Hamano
2017-02-23 17:35 ` Joey Hess
2017-02-23 17:52 ` Linus Torvalds
2017-02-23 18:21 ` Joey Hess
2017-02-23 18:31 ` Joey Hess
2017-02-23 19:13 ` Morten Welinder
2017-02-24 15:52 ` Geert Uytterhoeven
2017-02-23 18:40 ` Linus Torvalds
2017-02-23 18:46 ` Jeff King
2017-02-23 19:09 ` Linus Torvalds
2017-02-23 19:32 ` Jeff King
2017-02-23 19:47 ` Linus Torvalds
2017-02-23 19:57 ` Jeff King
[not found] ` <alpine.LFD.2.20.1702231428540.30435@i7.lan>
2017-02-23 22:43 ` Jeff King
2017-02-23 22:50 ` Linus Torvalds
2017-02-23 23:05 ` Jeff King
2017-02-23 23:05 ` [PATCH 1/3] add collision-detecting sha1 implementation Jeff King
2017-02-23 23:15 ` Stefan Beller
2017-02-24 0:01 ` Jeff King
2017-02-24 0:12 ` Linus Torvalds
2017-02-24 0:16 ` Jeff King
2017-02-23 23:05 ` [PATCH 2/3] sha1dc: adjust header includes for git Jeff King
2017-02-23 23:06 ` [PATCH 3/3] Makefile: add USE_SHA1DC knob Jeff King
2017-02-24 18:36 ` HW42
2017-02-24 18:57 ` Jeff King
2017-02-23 23:14 ` SHA1 collisions found Linus Torvalds
2017-02-28 18:41 ` Junio C Hamano
2017-02-28 19:07 ` Junio C Hamano
2017-02-28 19:20 ` Jeff King
2017-03-01 8:57 ` Dan Shumow
2017-02-28 19:34 ` Linus Torvalds
2017-02-28 19:52 ` Shawn Pearce
2017-02-28 22:56 ` Linus Torvalds
2017-02-28 21:22 ` Dan Shumow
2017-02-28 22:50 ` Marc Stevens
2017-02-28 23:11 ` Linus Torvalds
2017-03-01 19:05 ` Jeff King
2017-02-23 20:47 ` Øyvind A. Holm
2017-02-23 20:46 ` Joey Hess
2017-02-23 18:42 ` Jeff King
2017-02-23 17:52 ` David Lang
2017-02-23 19:20 ` David Lang
2017-02-23 17:19 ` Linus Torvalds
2017-02-23 17:29 ` Linus Torvalds
2017-02-23 18:10 ` Joey Hess
2017-02-23 18:29 ` Linus Torvalds
2017-02-23 18:38 ` Junio C Hamano
2017-02-24 9:42 ` Duy Nguyen
2017-02-25 19:04 ` brian m. carlson
2017-02-27 13:29 ` René Scharfe
2017-02-28 13:25 ` brian m. carlson
2017-02-24 15:13 ` Ian Jackson
2017-02-24 17:04 ` ankostis
2017-02-24 17:23 ` Jason Cooper
2017-02-25 23:22 ` ankostis [this message]
2017-02-24 17:32 ` Junio C Hamano
2017-02-24 17:45 ` David Lang
2017-02-24 18:14 ` Junio C Hamano
2017-02-24 18:58 ` Stefan Beller
2017-02-24 19:20 ` Junio C Hamano
2017-02-24 20:05 ` ankostis
2017-02-24 20:32 ` Junio C Hamano
2017-02-25 0:31 ` ankostis
2017-02-26 0:16 ` Jason Cooper
2017-02-26 17:38 ` brian m. carlson
2017-02-26 19:11 ` Linus Torvalds
2017-02-26 21:38 ` Ævar Arnfjörð Bjarmason
2017-02-26 21:52 ` Jeff King
2017-02-27 13:00 ` Transition plan for git to move to a new hash function Ian Jackson
2017-02-27 14:37 ` Why BLAKE2? Markus Trippelsdorf
2017-02-27 15:42 ` Ian Jackson
2017-02-27 19:26 ` Transition plan for git to move to a new hash function Tony Finch
2017-02-28 21:47 ` brian m. carlson
2017-03-02 18:13 ` Ian Jackson
2017-03-04 22:49 ` brian m. carlson
2017-03-05 13:45 ` Ian Jackson
2017-03-05 23:45 ` brian m. carlson
2017-02-24 20:05 ` SHA1 collisions found Junio C Hamano
2017-02-24 20:33 ` Philip Oakley
2017-02-24 23:39 ` Jeff King
2017-02-25 0:39 ` Linus Torvalds
2017-02-25 0:54 ` Linus Torvalds
2017-02-25 1:16 ` Jeff King
2017-02-26 18:55 ` Junio C Hamano
2017-02-25 6:10 ` Junio C Hamano
2017-02-26 1:13 ` Jason Cooper
2017-02-26 5:18 ` Jeff King
2017-02-26 18:30 ` brian m. carlson
2017-03-02 21:46 ` Brandon Williams
2017-03-03 11:13 ` Jeff King
2017-03-03 14:54 ` Ian Jackson
2017-03-03 22:18 ` Jeff King
2017-03-02 19:55 ` Linus Torvalds
2017-03-02 20:43 ` Junio C Hamano
2017-03-02 21:21 ` Linus Torvalds
2017-03-02 21:54 ` Joey Hess
2017-03-02 22:27 ` Linus Torvalds
2017-03-03 1:50 ` Mike Hommey
2017-03-03 2:19 ` Linus Torvalds
2017-03-03 11:04 ` Jeff King
2017-03-03 21:47 ` Stefan Beller
2017-02-25 1:00 ` David Lang
2017-02-25 1:15 ` Stefan Beller
2017-02-25 1:21 ` Jeff King
2017-02-25 1:39 ` David Lang
2017-02-25 1:47 ` Jeff King
2017-02-25 1:56 ` David Lang
2017-02-25 2:28 ` Jacob Keller
2017-02-25 2:26 ` Jacob Keller
2017-02-25 5:39 ` grarpamp
2017-02-24 23:43 ` Ian Jackson
2017-02-25 0:06 ` Ian Jackson
2017-02-25 18:50 ` brian m. carlson
2017-02-25 19:26 ` Jeff King
2017-02-25 22:09 ` Mike Hommey
2017-02-26 17:38 ` brian m. carlson
2017-02-24 22:47 ` Jakub Narębski
2017-02-24 22:53 ` Santiago Torres
2017-02-24 23:05 ` Jakub Narębski
2017-02-24 23:24 ` Øyvind A. Holm
2017-02-24 23:06 ` Jeff King
2017-02-24 23:35 ` Jakub Narębski
2017-02-25 22:35 ` Lars Schneider
2017-02-26 0:46 ` Jeff King
2017-02-26 18:22 ` Junio C Hamano
2017-02-26 18:57 ` Thomas Braun
2017-02-26 21:30 ` Jeff King
2017-02-27 9:57 ` Geert Uytterhoeven
2017-02-27 10:43 ` Jeff King
2017-02-27 12:39 ` Morten Welinder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+dhYEUTZMLKfBXSHU61qx5i9P6a0muUcyAvnNKzc=_E5-z7wA@mail.gmail.com' \
--to=ankostis@gmail.com \
--cc=git@lakedaemon.net \
--cc=git@vger.kernel.org \
--cc=id@joeyh.name \
--cc=ijackson@chiark.greenend.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).