Not logged in
Log in now
Create an account
Subscribe to LWN
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Little things that matter in language design
And it IS secure, signatures are used not to authenticate integrity, but to authenticate the author of changes.
making the logs temper evident through git like hash chains
Posted Nov 19, 2011 4:40 UTC (Sat) by nevyn (subscriber, #33129)
Finally, in a vain attempt to forestall the inevitable flame wars, I will point out that my objections do not apply to systems in which the hash address space is shared only with trusted users. In other words, hash-based source control is for the most part fine sticking with SHA-1 and could indeed use a cheaper hash like MD5 without any practical trouble
As I explained early on [...], the _security_ of git actually depends
on not cryptographic hashes, but simply on everybody being able to secure
their own _private_ repository.
Posted Nov 20, 2011 3:12 UTC (Sun) by cmccabe (guest, #60281)
Posted Nov 20, 2011 19:19 UTC (Sun) by nevyn (subscriber, #33129)
Posted Nov 21, 2011 23:52 UTC (Mon) by cmccabe (guest, #60281)
Er, I think perhaps it is you who is missing the point. TFA says:
> Each entry authenticates all previous ones. If the top-most hash is
> regularly saved to a secure write-only location, the full chain is
> authenticated by it. Manipulations by the attacker can hence easily be
The point is to get security, not to "happily use SHA-1."
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds