Taylor Blau <me@xxxxxxxxxxxx> writes: > But even if the attacker could do all of that, the remote still needs to > index that pack, and while checksumming the pack, it would notice the > collision (or SHA-1 mismatch) and reject the pack by die()-ing either > way. (AFAICT, this all happens in > builtin/index-pack.c::parse_pack_objects()). The hosting side writes a packfile and computes the tail sum once. You force the clients that clone or fetch validate the tail sum. Usually clients outnumber the hoster by large orders of magnitude. That sounds like you are optimizing for a wrong side, but it does point at another aspect of this problem. Even without limiting ourselves to the tail sum, our uses of the hash function fall into two categories, ones that do not have to be overly cautious (i.e., when we are generating data and computing the hash over that data), and the others that we do want to be paranoid (i.e., when we receive check-summed data from outside world and suspect that the data was generated by an adversary).
