Re: Git and SHA-1 security (again)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sorry if I'm dropping in at the wrong point (this is one I'd bookmarked)..



From: "Duy Nguyen" <pclouds@xxxxxxxxx>
Sent: Wednesday, July 20, 2016 3:44 PM
On Wed, Jul 20, 2016 at 2:28 PM, Johannes Schindelin
<Johannes.Schindelin@xxxxxx> wrote:
But that strategy *still* ignores the distributed nature of Git. Just
because *you* make that merge at a certain point does not necessarily mean
that I make it at that point, too.

Any approach that tries to have one single point of conversion will most
likely fall short of a solution.

OK I see the difference in our views now. To me an sha256 repo would
see an sha1 repo as a _foreign_ DVCS, pretty much like git sees
mercurial now. So a transition from sha1 to sha256 is not that
different from cvs -> svn -> a dvcs bubble -> git.


I think that within Git, that it is possible to have inter-workability (for those parts that negotiate) between instances with different views about the availability of two hash types. Fetch/push negotiation is a normal part of working with a remote.

To be honest, I am less concerned about the GPG-signed commits (after all,
after switching to a more secure hash algorithm, a maintainer could
cross-sign all signed commits, or only the branch tips or tags, as new
tags, to reinstitute trust).

I am much more concerned about references to commits, both inside and
outside the repository. That is, if I read anywhere on the internet about
Git having added support for `git add --chmod=+x <file>` in 4e55ed3 (add:
add --chmod=+x / --chmod=-x options, 2016-05-31), I want to find that
commit by that reference.

And I am of course concerned what should happen if a user wants to fetch
from, or push to, a SHA-1-hashed remote repository into, or from, a
SHA-256-hashed local one.

to follow the above, in my view, interaction with sha1 repos go
through some conversion bridges like what we have with hg and svn. I
don't know if we are going this route. It's certainly simpler and
people already have experiences (from previous migration) to prepare
for it.
--

The main thought was that rather than worrying about which advanced hash to pick (with all the arguments that entails), rather it is worth reducing the problem space to create a 'toy problem', to look at the interaction issues.

For the toy problem view we'd keep the current oid length (so that the transmission formats don't change size), however we swap the old-new to make sha1 the new hash and use an older shorter hash (e.g. md5) to investigate the transition from a short to long hash.

Keeping it as a 'toy problem' avoids folks having too much invested in the new hash choice, rather the interworking can be more easily sorted, and some issue can be punted on (e.g. the choice of salt to extend the md5 to the sha1, and collisions therein).

--
Philip

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]