LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Gentoo Mitigations?

Gentoo Mitigations?

Posted Mar 24, 2011 19:47 UTC (Thu) by vapier (subscriber, #15768)
In reply to: Gentoo Mitigations? by alex
Parent article: Arch Linux and (the lack of) package signing

except for when the Manifest itself is signed

anyone who truly cares about security is not going to rely on SHA1 checksums. claiming "use git" is a fix is ridiculous.

plus, you're now syncing the git tree which balloons overhead considerably since the entire history is mirrored and not just the latest set of files. i'm sure the mirrors giving up free space/bandwidth/resources will love that.

(Log in to post comments)

Security of a git tree

Posted Mar 25, 2011 10:10 UTC (Fri) by alex (subscriber, #1355) [Link]

Manufacturing a SHA1 collision is certainly doable. Doing it in a way that allows you to modify an individual commit in a git tree while also not breaking git's internal consistency with respect to history is an attack I've not seen done yet.

And of course you can sign tags with GPG for extra confidence.

As far as bandwidth and diskspace is concerned it would be worth doing some tests before ruling it out as less efficient than rsync. The over the air update protocol is fairly efficient and the .git directory is often smaller than the checked out tree as it's fairly heavily compressed. Plus of course as a developer it's really useful to have the whole history of an ebuild available to you when diagnosing issues or trying to understand why something was done.

Security of a git tree

Posted Mar 25, 2011 14:04 UTC (Fri) by foom (subscriber, #14868) [Link]

> Manufacturing a SHA1 collision is certainly doable.

Really? Isn't it still only theoretical?

SHA1

Posted Mar 25, 2011 15:54 UTC (Fri) by alex (subscriber, #1355) [Link]

I was going from memory but it seems so. Having said that there is a long road from generating collisions to a feasible attack. However from a crypto point of view you are no longer being protected by the maths ;-)

Security of a git tree

Posted Mar 26, 2011 20:39 UTC (Sat) by smurf (subscriber, #17840) [Link]

SHA1 is broken WRT collisions, i.e. you can find (with a lot of effort) two "random" bytestrings which hash to the same SHA1.

That's not the same as finding a bytestring which hashes to a given SHA1, which is still easier than to find a bytestring with, together with a given ASCII pre- and postamble, will match that given SHA1.

I don't think there's a feasible attack for the latter. But as SHA1 is considered "broken enough" that it should be phased out, AFAIK current efforts on one-way hashes are more focused on trying to break the several candidates for SHA's replacement, than to break SHA1 'even more'.

Security of a git tree

Posted Mar 28, 2011 11:01 UTC (Mon) by nye (guest, #51576) [Link]

>SHA1 is broken WRT collisions, i.e. you can find (with a lot of effort) two "random" bytestrings which hash to the same SHA1.

In principle yes, but nobody's ever actually done it with full SHA1 - until it gets a bit more broken than it currently is, going beyond proof-of-concept attacks on much reduced versions of SHA1 would still require more computing power than is currently feasible.

>But as SHA1 is considered "broken enough" that it should be phased out

True, it would be a bad choice for something new, but things aren't so terribly bad for SHA-1 yet - hell, there aren't even any pre-image attacks for *MD5* yet AFAIK and that's been considered utterly broken for *years*.

Security of a git tree

Posted Mar 29, 2011 18:34 UTC (Tue) by vapier (subscriber, #15768) [Link]

signing a SHA1 doesnt increase confidence in SHA1 in any way. it's still a SHA1.

you missed the "resources" aspect. high compression means significantly higher cpu/mem usage which makes scaling up much harder. plus, our mirrors now have to run a git daemon to do mirroring ? it just doesnt work out.

as a developer, you can mirror the VCS tree yourself.

Security of a git tree

Posted Mar 30, 2011 2:08 UTC (Wed) by smurf (subscriber, #17840) [Link]

You don't need a git server for mirriring a git archive.
That works quite well with http.

Security of a git tree

Posted Apr 3, 2011 2:52 UTC (Sun) by vapier (subscriber, #15768) [Link]

i dont think you've ever used git over http. the performance is downright awful for even small repos.

Security of a git tree

Posted Apr 3, 2011 6:17 UTC (Sun) by smurf (subscriber, #17840) [Link]

I don't think you've heard of "git update-server-info".
It creates a few index files which speed up the job considerably.
(It's typically run from the post-update hook in the shared repository.)

Security of a git tree

Posted Apr 3, 2011 7:37 UTC (Sun) by jrn (subscriber, #64214) [Link]

Presumably he has, since git refuses to fetch over HTTP without it.

Perhaps the servers you've been connecting to use the (relatively) new "smart" HTTP support, which negotiates which objects to send using a CGI script.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds