On Thu, 23 Feb 2017, Joey Hess wrote:

https://shattered.io/static/shattered.pdf
https://freedom-to-tinker.com/2017/02/23/rip-sha-1/

IIRC someone has been working on parameterizing git's SHA1 assumptions
so a repository could eventually use a more secure hash. How far has
that gotten? There are still many "40" constants in git.git HEAD.

In the meantime, git commit -S, and checks that commits are signed,
seems like the only way to mitigate against attacks such as
the ones described in the threads at
https://joeyh.name/blog/sha-1/ and
https://joeyh.name/blog/entry/size_of_the_git_sha1_collision_attack_surface/

Since we now have collisions in valid PDF files, collisions in valid git
commit and tree objects are probably able to be constructed.

Keep in mind that there is a huge difference between

creating a collision between two documents you create, both of which contain a huge amount of arbitrary binary data that can be changed at will without affecting the results

and

creating a collision between an existing document that someone else created and a new document that is also valid C code without huge amounts of binary in it.

So, it's not time to panic, but it is one more push to make the changes to support something else.

David Lang
