Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 Dec 2020 22:04:54 +0100
From:      Steffen Nurpmeso <steffen@sdaoden.eu>
To:        Brooks Davis <brooks@freebsd.org>, Thomas Mueller <mueller6722@twc.com>, freebsd-current@freebsd.org
Subject:   Re: HEADS UP: FreeBSD src repo transitioning to git this weekend
Message-ID:  <20201229210454.Lh4y_%steffen@sdaoden.eu>
In-Reply-To: <20201229011939.GU31099@funkthat.com>
References:  <CANCZdfrUsaw5jpN1ybpk0ADXdQYam0_NO0mPJd0-FMbuxPruhw@mail.gmail.com> <31ab8015-a0c4-af77-0ead-a17da0f88f1d@freebsd.org> <CANCZdfrF0B7uux_neg-4XGn2UCDd4noUm7zP_icHnrpZUgmzzA@mail.gmail.com> <CAOtMX2gV2dmyG4b1hZG24sUnqDVk=1pch4xgQmyUdtLrh48kYg@mail.gmail.com> <CANCZdfpb0MF%2BuoW=K3cQpL%2B3vNQjSBDeVMab5d4JJhUO4sy-2Q@mail.gmail.com> <5fdc0b90.1c69fb81.866eb.8c29SMTPIN_ADDED_MISSING@mx.google.com> <20201218175241.GA72552@spindle.one-eyed-alien.net> <20201218182820.1P0tK%steffen@sdaoden.eu> <20201223023242.GG31099@funkthat.com> <20201223162417.v7Ce6%steffen@sdaoden.eu> <20201229011939.GU31099@funkthat.com>

next in thread | previous in thread | raw e-mail | index | archive | help
John-Mark Gurney wrote in
 <20201229011939.GU31099@funkthat.com>:
 |Steffen Nurpmeso wrote this message on Wed, Dec 23, 2020 at 17:24 +0100:
 |>|Then there's also the point that the repo is (looks like it) using
 |>|SHA-1 hashes, which are effectively broken, so depending upon them
 |>|to validate the tree is questionable anyways.
 |> 
 |> git uses the hardened SHA-1 for sure, which is, as far as i know,
 |> at least safe against the known attack.
 |> I .. have not tracked this, but i think upgrading to SHA-256 is
 |> possible, once this will become standard.  Just even more
 |> metadata, then.  I have not looked into this, still in progress.
 |
 |A new attack came out earlier this year:
 |https://eprint.iacr.org/2020/014.pdf

Impressive document.  Not a mathematician here, but still.

 |>From the paper:
 |> In particular, chosen-prefix collisions can break signature schemes and
 |> handshake security in secure channel protocols (TLS, SSH), if generated
 |> extremely quickly.
 |
 |The previous attack in 2017 did not break SHA-1 enough to render it's
 |use by git vulnerable, but the writing was on the wall for SHA-1...
 |
 |I believe this new attack makes git's use a SHA-1 vulnerable...
 |The type/length prefix that prevented the previous attacks from
 |working is not effective against the new attack...
 |
 |Also, the cost of the attack is not great ($45k), considering the recent

Ha.

 |SolarWinds supply chain attack, being able to smuggle a modified file
 |into a git repo, say an OS's build server, such that the tools don't
 |know the tree is modified is a real problem...

SHA-256 arrives, if you look at the git history.  Until then
signing a git tag even with SHA-1 is better than being unsealed.

This attack, well, interesting that FreeBSD with so many
developers with ssh push hasn't been soiled more often.  I am
cautious regarding such, there is a tremendous amount of
propaganda against Russia and China going on .. and then who
tapped the cables, who has the budget, hmm.  I have read one US
national security alert report once, and all i could see was
a supposed russian who logged into an open management console, and
immediately logged out again (if the session was printed
correctly).  On some software where this login possibility was
publicly announced as being a problem months before.  (I read
around once i read this report.) So given that the software would
at least log such login attempts it could even have been seen as
a kind reminder, whatever.  Maybe not.  Was it "national security
alert"?, i think yes.  Well.  It is always easy to point with
fingers at someone else.  But as always, situation is horror.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20201229210454.Lh4y_%steffen>