On Sep 16, 2015 3:24 AM, "Michal Suchanek" <hramr...@gmail.com> wrote:
>
> On 16 September 2015 at 05:16, Scott Robison <sc...@casaderobison.com> wrote:
> > But GPG could solve any weaknesses with Fossil's use of SHA-1, though. It
> > won't prevent a determined party from deconstructing a repo, making whatever
> > changes are desired, and rebuilding a believable facsimile that unwary
> > parties might trust. The rebuilt repo could even have fraudulent GPG
> > signatures attached just to make it feel more legit to people who don't
> > really check such things.
>
> It has been pointed out that when using GPG to sign checkins only the
> manifests are signed and what links the manifests to the rest of the
> content like actual file blobs or previous checkins are the weak SHA-1
> hashes.

Right, I didn't mean "GPG can fix this today with the current implementation in fossil". Just that it could be used to authenticate the source of global repo state. If we accept that sha1 is used for nothing more than identification and a way to validate an artifact as having not been accidentally modified, then clearly another means of authentication is necessary if it is a required feature. I accept that all artifacts should be signed for such a feature and that it is not happening at this time.

>
> So while it is possible to use PGP with fossil it gives only a false
> sense of security until fossil itself uses crypto grade hash to link
> its internal artifact structure.
>
> Using a stronger or configurable hash for the internal linking of
> artifacts would result in ability to verify the authenticity of a copy
> of a signed repo even from unknown source so long as the signatures
> are valid.
>
> As actual signed repos are rare this is not really strong use case. On
> the other hand, they may be rare because there is no real point.

I think they are rare because signing and verifying is a pain and we trust the official versions of repos. Arguably we should not. Even if GPG were being used completely and effectively, how can we be sure someone's private keys weren't compromised?

We've talked on list before about how (with regard to computers) nothing is perfect, everything is statistically flawed in some way making it less than 100% guaranteed to work properly. I think fossil's (and other dvcs) use of sha1 fits in this category. It isn't perfect, but it is close enough for the use case.

>
> Thanks
>
> Michal
> _______________________________________________
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
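The point raised in the thread above, that a signature over a manifest protects file content only as far as the linking hash does, shown as an added example (not code from the thread or from Fossil). It assumes a simplified manifest format, an HMAC as a stand-in for a GPG signature, and a hash truncated to 16 bits as a stand-in for a weak linking hash; all function names are hypothetical.

```python
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a GPG signature

def link_hash(data: bytes, algo: str = "sha1", hex_len: int = 40) -> str:
    """Hash linking a manifest to a blob; a short hex_len models a weak hash."""
    return hashlib.new(algo, data).hexdigest()[:hex_len]

def make_manifest(files: dict, algo: str = "sha1", hex_len: int = 40) -> bytes:
    """Simplified manifest: one 'F <name> <hash>' line per file (names without spaces)."""
    lines = [f"F {n} {link_hash(b, algo, hex_len)}" for n, b in sorted(files.items())]
    return ("\n".join(lines) + "\n").encode()

def sign(manifest: bytes) -> str:
    # The signature covers the manifest bytes only, never the blobs themselves.
    return hmac.new(SIGNING_KEY, manifest, hashlib.sha256).hexdigest()

def verify_checkin(manifest, signature, files, algo="sha1", hex_len=40) -> bool:
    """Check the signature, then check every blob against its linking hash."""
    if not hmac.compare_digest(sign(manifest), signature):
        return False
    for line in manifest.decode().splitlines():
        _, name, digest = line.split(" ")
        if name not in files or link_hash(files[name], algo, hex_len) != digest:
            return False
    return True

def find_substitute(original: bytes, algo: str, hex_len: int) -> bytes:
    """Search for different content with the same (truncated) linking hash."""
    target, i = link_hash(original, algo, hex_len), 0
    while True:
        candidate = b"changed content %d\n" % i
        if candidate != original and link_hash(candidate, algo, hex_len) == target:
            return candidate
        i += 1

def demo() -> dict:
    files = {"main.c": b"int main(void) { return 0; }\n"}  # constructed sample blob
    strong = make_manifest(files)           # full-length SHA-1 link
    weak = make_manifest(files, hex_len=4)  # 16-bit link, feasible to match by search
    swapped = {"main.c": find_substitute(files["main.c"], "sha1", 4)}
    return {
        "original_ok": verify_checkin(strong, sign(strong), files),
        "swap_full_link": verify_checkin(strong, sign(strong), swapped),
        "swap_weak_link": verify_checkin(weak, sign(weak), swapped, hex_len=4),
    }

if __name__ == "__main__":
    print(demo())
```

In the weak-link case the signature is valid and untouched while the file content differs, which is why the thread asks for a stronger or configurable hash for internal linking; passing `algo="sha256", hex_len=64` to `make_manifest` and `verify_checkin` switches the link hash without changing the signing step.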