Date: Mon, 28 Dec 2020 18:37:08 -0700 From: Warner Losh <imp@bsdimp.com> To: Brooks Davis <brooks@freebsd.org>, Thomas Mueller <mueller6722@twc.com>, freebsd-current@freebsd.org Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend Message-ID: <CANCZdfodE7ePTqN4SOOhAyep0SqqCNdbHpJspNvwGyV_upw%2B4A@mail.gmail.com> In-Reply-To: <20201229011939.GU31099@funkthat.com> References: <CANCZdfrUsaw5jpN1ybpk0ADXdQYam0_NO0mPJd0-FMbuxPruhw@mail.gmail.com> <31ab8015-a0c4-af77-0ead-a17da0f88f1d@freebsd.org> <CANCZdfrF0B7uux_neg-4XGn2UCDd4noUm7zP_icHnrpZUgmzzA@mail.gmail.com> <CAOtMX2gV2dmyG4b1hZG24sUnqDVk=1pch4xgQmyUdtLrh48kYg@mail.gmail.com> <CANCZdfpb0MF%2BuoW=K3cQpL%2B3vNQjSBDeVMab5d4JJhUO4sy-2Q@mail.gmail.com> <5fdc0b90.1c69fb81.866eb.8c29SMTPIN_ADDED_MISSING@mx.google.com> <20201218175241.GA72552@spindle.one-eyed-alien.net> <20201218182820.1P0tK%steffen@sdaoden.eu> <20201223023242.GG31099@funkthat.com> <20201223162417.v7Ce6%steffen@sdaoden.eu> <20201229011939.GU31099@funkthat.com>
index | next in thread | previous in thread | raw e-mail
On Mon, Dec 28, 2020, 6:19 PM John-Mark Gurney <jmg@funkthat.com> wrote: > Steffen Nurpmeso wrote this message on Wed, Dec 23, 2020 at 17:24 +0100: > > |Then there's also the point that the repo is (looks like it) using > > |SHA-1 hashes, which are effectively broken, so depending upon them > > |to validate the tree is questionable anyways. > > > > git uses the hardened SHA-1 for sure, which is, as far as i know, > > at least safe against the known attack. > > I .. have not tracked this, but i think upgrading to SHA-256 is > > possible, once this will become standard. Just even more > > metadata, then. I have not looked into this, still in progress. > > A new attack came out earlier this year: > https://eprint.iacr.org/2020/014.pdf > > From the paper: > > In particular, chosen-prefix collisions can break signature schemes and > > handshake security in secure channel protocols (TLS, SSH), if generated > > extremely quickly. > > The previous attack in 2017 did not break SHA-1 enough to render it's > use by git vulnerable, but the writing was on the wall for SHA-1... > > I believe this new attack makes git's use a SHA-1 vulnerable... > The type/length prefix that prevented the previous attacks from > working is not effective against the new attack... > > Also, the cost of the attack is not great ($45k), considering the recent > SolarWinds supply chain attack, being able to smuggle a modified file > into a git repo, say an OS's build server, such that the tools don't > know the tree is modified is a real problem... > Yea. The git transition team knew about these issues (though the referenced paper is new). Too bad git's SHA-256 stuff is too immature to use yet at scale, coupled with requiring a super new git version to even test it out. Plus, much of the greater git ecosystem simply doesn't support SHA-256 yet. We should, as a project, continue to test how well it works and monitor the ecosystem for a transition in a few years when it is robust... Warner -- > John-Mark Gurney Voice: +1 415 225 5579 > > "All that I will do, has been done, All that I have, has not." > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" >help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfodE7ePTqN4SOOhAyep0SqqCNdbHpJspNvwGyV_upw%2B4A>