From owner-freebsd-current@freebsd.org Tue Dec 29 21:05:03 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A19C84CADF5 for ; Tue, 29 Dec 2020 21:05:03 +0000 (UTC) (envelope-from steffen@sdaoden.eu) Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D56PV4kNfz3Pbm; Tue, 29 Dec 2020 21:05:02 +0000 (UTC) (envelope-from steffen@sdaoden.eu) Received: by sdaoden.eu (Postfix, from userid 1000) id E570016057; Tue, 29 Dec 2020 22:04:54 +0100 (CET) Date: Tue, 29 Dec 2020 22:04:54 +0100 From: Steffen Nurpmeso To: Brooks Davis , Thomas Mueller , freebsd-current@freebsd.org Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend Message-ID: <20201229210454.Lh4y_%steffen@sdaoden.eu> In-Reply-To: <20201229011939.GU31099@funkthat.com> References: <31ab8015-a0c4-af77-0ead-a17da0f88f1d@freebsd.org> <5fdc0b90.1c69fb81.866eb.8c29SMTPIN_ADDED_MISSING@mx.google.com> <20201218175241.GA72552@spindle.one-eyed-alien.net> <20201218182820.1P0tK%steffen@sdaoden.eu> <20201223023242.GG31099@funkthat.com> <20201223162417.v7Ce6%steffen@sdaoden.eu> <20201229011939.GU31099@funkthat.com> Mail-Followup-To: Brooks Davis , Thomas Mueller , freebsd-current@freebsd.org User-Agent: s-nail v14.9.20-107-gf02322df OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs. X-Rspamd-Queue-Id: 4D56PV4kNfz3Pbm X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.29 / 15.00]; ARC_NA(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[217.144.132.164:from]; NEURAL_HAM_MEDIUM(-0.99)[-0.986]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sdaoden.eu]; NEURAL_HAM_LONG(-1.00)[-1.000]; SPAMHAUS_ZRD(0.00)[217.144.132.164:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; MID_CONTAINS_FROM(1.00)[]; FREEMAIL_TO(0.00)[freebsd.org,twc.com]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:15987, ipnet:217.144.128.0/20, country:DE]; MAILMAN_DEST(0.00)[freebsd-current] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Dec 2020 21:05:03 -0000 John-Mark Gurney wrote in <20201229011939.GU31099@funkthat.com>: |Steffen Nurpmeso wrote this message on Wed, Dec 23, 2020 at 17:24 +0100: |>|Then there's also the point that the repo is (looks like it) using |>|SHA-1 hashes, which are effectively broken, so depending upon them |>|to validate the tree is questionable anyways. |> |> git uses the hardened SHA-1 for sure, which is, as far as i know, |> at least safe against the known attack. |> I .. have not tracked this, but i think upgrading to SHA-256 is |> possible, once this will become standard. Just even more |> metadata, then. I have not looked into this, still in progress. | |A new attack came out earlier this year: |https://eprint.iacr.org/2020/014.pdf Impressive document. Not a mathematician here, but still. |>From the paper: |> In particular, chosen-prefix collisions can break signature schemes and |> handshake security in secure channel protocols (TLS, SSH), if generated |> extremely quickly. | |The previous attack in 2017 did not break SHA-1 enough to render it's |use by git vulnerable, but the writing was on the wall for SHA-1... | |I believe this new attack makes git's use a SHA-1 vulnerable... |The type/length prefix that prevented the previous attacks from |working is not effective against the new attack... | |Also, the cost of the attack is not great ($45k), considering the recent Ha. |SolarWinds supply chain attack, being able to smuggle a modified file |into a git repo, say an OS's build server, such that the tools don't |know the tree is modified is a real problem... SHA-256 arrives, if you look at the git history. Until then signing a git tag even with SHA-1 is better than being unsealed. This attack, well, interesting that FreeBSD with so many developers with ssh push hasn't been soiled more often. I am cautious regarding such, there is a tremendous amount of propaganda against Russia and China going on .. and then who tapped the cables, who has the budget, hmm. I have read one US national security alert report once, and all i could see was a supposed russian who logged into an open management console, and immediately logged out again (if the session was printed correctly). On some software where this login possibility was publicly announced as being a problem months before. (I read around once i read this report.) So given that the software would at least log such login attempts it could even have been seen as a kind reminder, whatever. Maybe not. Was it "national security alert"?, i think yes. Well. It is always easy to point with fingers at someone else. But as always, situation is horror. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)