On Mon, Oct 15, 2012 at 6:42 PM, Elia Pinto <gitter.spiros@xxxxxxxxx> wrote: > Very clear analysis. Well written. Perhaps is it the time to update > http://git-scm.com/book/ch6-1.html (A SHORT NOTE ABOUT SHA-1) ? > > Hope useful > > http://www.schneier.com/crypto-gram-1210.html This would be concerning if the Git security model would break down if someone found a SHA1 collision, but it really wouldn't. It's one thing to find *a* collision, it's quite another to: 1. Find a collision for the sha1 of harmless.c which I know you use, and replace it with evil.c. 2. Somehow make evil.c compile so that it actually does something useful and nefarious, and doesn't just make the C compiler puke. If finding one arbitrary collision costs $43K in 2021 dollars getting past this point is going to take quite a large multiple of $43K. 3. Somehow inject the new evil object into your repository, or convince you to re-clone it / clone it from somewhere you usually wouldn't. At some point in the early days of Git Linus went on a rant to this effect either on this list or on the LKML. Maybe it would be useful to include some of that instead? It would be very interesting to see an analysis that deals with some actual Git-related security scenarios, instead of something that just assumes that if someone finds *any* SHA1 collision the sky is going to fall. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html