From: Warner Losh
Date: Mon, 28 Dec 2020 18:37:08 -0700
Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend
To: Brooks Davis, Thomas Mueller, freebsd-current@freebsd.org
In-Reply-To: <20201229011939.GU31099@funkthat.com>

On Mon, Dec 28, 2020, 6:19 PM John-Mark Gurney wrote:
> Steffen Nurpmeso wrote this message on Wed, Dec 23, 2020 at 17:24 +0100:
> > |Then there's also the point that the repo is (looks like it) using
> > |SHA-1 hashes, which are effectively broken, so depending upon them
> > |to validate the tree is questionable anyways.
> >
> > git uses the hardened SHA-1 for sure, which is, as far as i know,
> > at least safe against the known attack.
> > I .. have not tracked this, but i think upgrading to SHA-256 is
> > possible, once this will become standard. Just even more
> > metadata, then. I have not looked into this, still in progress.
>
> A new attack came out earlier this year:
> https://eprint.iacr.org/2020/014.pdf
>
> From the paper:
> > In particular, chosen-prefix collisions can break signature schemes and
> > handshake security in secure channel protocols (TLS, SSH), if generated
> > extremely quickly.
>
> The previous attack in 2017 did not break SHA-1 enough to render its
> use by git vulnerable, but the writing was on the wall for SHA-1...
>
> I believe this new attack makes git's use of SHA-1 vulnerable...
> The type/length prefix that prevented the previous attacks from
> working is not effective against the new attack...
>
> Also, the cost of the attack is not great ($45k), considering the recent
> SolarWinds supply chain attack, being able to smuggle a modified file
> into a git repo, say an OS's build server, such that the tools don't
> know the tree is modified is a real problem...

Yea. The git transition team knew about these issues (though the referenced paper is new). Too bad git's SHA-256 stuff is too immature to use yet at scale, coupled with requiring a super new git version to even test it out. Plus, much of the greater git ecosystem simply doesn't support SHA-256 yet. We should, as a project, continue to test how well it works and monitor the ecosystem for a transition in a few years when it is robust...
Warner
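The thread refers to git's "type/length prefix" and to the SHA-1 versus SHA-256 object formats. The following added example (my own illustration, not code from the thread or from git) shows how git derives an object id from that framing under either hash, and the recompute-and-compare check that lets a tool notice a modified object; note that hashlib's sha1 is plain SHA-1, not the collision-detecting variant git itself links.

```python
import hashlib
import hmac

# Git names every object by hashing "<type> <size>\0<content>". That header is the
# type/length prefix the thread mentions. Git's SHA-256 object format keeps the same
# framing and only swaps the hash function, so one routine covers both.
# Note: hashlib's "sha1" is plain SHA-1; git links the collision-detecting "sha1dc"
# variant, which gives the same digest for honest input but refuses inputs that
# carry the known collision-attack patterns.
GIT_TYPES = ("blob", "tree", "commit", "tag")
OID_LEN = {"sha1": 40, "sha256": 64}


def git_object_id(obj_type: str, content: bytes, algo: str = "sha1") -> str:
    """Return the hex object id git would assign to `content` under `algo`."""
    if obj_type not in GIT_TYPES:
        raise ValueError(f"unknown git object type: {obj_type}")
    if algo not in OID_LEN:
        raise ValueError(f"unsupported git hash algorithm: {algo}")
    header = f"{obj_type} {len(content)}\0".encode("ascii")
    return hashlib.new(algo, header + content).hexdigest()


def verify_object(expected_oid: str, obj_type: str, content: bytes) -> bool:
    """Recompute an object's id from its bytes and compare it with the name it is
    stored under; this is the check `git fsck` performs. The algorithm is inferred
    from the id length (40 hex chars = SHA-1, 64 = SHA-256)."""
    algo = next((a for a, n in OID_LEN.items() if n == len(expected_oid)), None)
    if algo is None:
        raise ValueError("object id has neither SHA-1 nor SHA-256 length")
    actual = git_object_id(obj_type, content, algo)
    return hmac.compare_digest(actual, expected_oid.lower())


if __name__ == "__main__":
    # Constructed sample: the blob `echo hello | git hash-object --stdin` creates.
    blob = b"hello\n"
    sha1_id = git_object_id("blob", blob)
    sha256_id = git_object_id("blob", blob, "sha256")
    print("sha1   blob id:", sha1_id)
    print("sha256 blob id:", sha256_id)
    # A single changed byte must fail verification under either object name.
    tampered = b"hellp\n"
    print("tampered passes sha1 check:  ", verify_object(sha1_id, "blob", tampered))
    print("tampered passes sha256 check:", verify_object(sha256_id, "blob", tampered))
```

The check only tells you the stored bytes match the stored name; it cannot distinguish a colliding substitute from the original, which is exactly why the thread's concern is the hash function rather than the framing.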