Re: [fossil-users] SHA1 and security

On 30 October 2015 at 00:32, Eduard wrote: > Hi Warren, > > On 10/29/2015 06:50 PM, Warren Young wrote: >> On Oct 29, 2015, at 3:40 PM, Eduard wrote: >>> On 10/29/2015 02:46 PM, Warren Young wrote: (...) >>> I had read 2/3 of

Re: [fossil-users] SHA1 and security

On Oct 29, 2015 6:50 PM, "Warren Young" wrote: > > I also wonder what will happen if someone with an existing checkout checks in a diff against the changeling file, and the diffs overlap with the evil bits. I assume the server will try to apply the patch and fail, or the next

Re: [fossil-users] SHA1 and security

On 10/30/15, Scott Robison wrote: > > I don't think fossil transfers deltas via the sync protocol, It does. Most artifacts are transmitted as deltas against existing artifacts that both ends already know about. Which reminds me - there is a (non-cryptographic) checksum

Re: [fossil-users] SHA1 and security

Hi Scott, Thank you for your reply! On 10/29/2015 01:40 AM, Scott Robison wrote: > On Wed, Oct 28, 2015 at 6:37 PM, Eduard > wrote: > > If fossil didn't say it used SHA1 to generate artifact IDs, I don't > think anyone would

Re: [fossil-users] SHA1 and security

On Thu, Oct 29, 2015 at 8:41 AM, Eduard wrote: > Hi Scott, > > Thank you for your reply! > > On 10/29/2015 01:40 AM, Scott Robison wrote: > > On Wed, Oct 28, 2015 at 6:37 PM, Eduard > > wrote: >

Re: [fossil-users] SHA1 and security

On Oct 28, 2015, at 11:40 PM, Scott Robison wrote: > > If fossil didn't say it used SHA1 to generate artifact IDs, I don't think > anyone would care how it generated IDs. +1. It should just say “artifact ID”, or “checkin ID”. > In fact, the "easiest" way to getting

Re: [fossil-users] SHA1 and security

On Oct 28, 2015, at 6:37 PM, Eduard wrote: > > I wish to discuss the issues surrounding the use of SHA1 in Fossil Have you read the prior discussions on this? http://www.mail-archive.com/fossil-users%40lists.fossil-scm.org/msg18053.html

Re: [fossil-users] SHA1 and security

On Thu, Oct 29, 2015 at 3:20 PM, Richard Hipp wrote: > On 10/29/15, Warren Young wrote: > > > > I’ll bet there are a whole lot of people who would love to get some evil > > code into pretty much every smartphone in the world by hacking the SQLite > > code

Re: [fossil-users] SHA1 and security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, 28 Oct 2015 at 5:37pm, Eduard wrote: > Hi, > > I wish to discuss the issues surrounding the use of SHA1 in Fossil and > their consequences, as well as propose several possibilities to deal > with them. > > > As for the exact value of

Re: [fossil-users] SHA1 and security

On Thu, Oct 29, 2015 at 1:07 PM, Warren Young wrote: > On Oct 28, 2015, at 11:40 PM, Scott Robison > wrote: > > the odds of a non-malicious collision are so close to zero that those > odds might as well be zero. > > I’ll bet there are a whole lot of

Re: [fossil-users] SHA1 and security

On 10/29/15, Warren Young wrote: > > I’ll bet there are a whole lot of people who would love to get some evil > code into pretty much every smartphone in the world by hacking the SQLite > code repo. > > That’s a powerful motivation. Don’t underestimate it. That might be

Re: [fossil-users] SHA1 and security

Hi Warren, Thanks for replying! On 10/29/2015 02:46 PM, Warren Young wrote: > On Oct 28, 2015, at 6:37 PM, Eduard wrote: >> >> I wish to discuss the issues surrounding the use of SHA1 in Fossil > > Have you read the prior discussions on this? > > >

Re: [fossil-users] SHA1 and security

On Oct 29, 2015, at 3:20 PM, Richard Hipp wrote: > > Each check-in manifest also has a hash over all content of all files > in the R card. It's an MD5 hash, but that still means the attacker > would have to find replacement source code that (a) matched both SHA1 > and MD5

Re: [fossil-users] SHA1 and security

I thought this topic was beat to death a couple times already. Scott Doctor sc...@scottdoctor.com -- ___ fossil-users mailing list fossil-users@lists.fossil-scm.org

Re: [fossil-users] SHA1 and security

Hi Richard, Thanks for replying! On 10/29/2015 06:13 PM, Richard Hipp wrote: > On 10/29/15, Scott Robison wrote: >> Why is the R card optional? > > Because it is expensive to compute on large repos (ex: NetBSD) with > hundreds of megabytes of content. Some projects

Re: [fossil-users] SHA1 and security

On 10/29/2015 04:26 PM, Christopher M. Fuhrman wrote: > On Wed, 28 Oct 2015 at 5:37pm, Eduard wrote: > > What kind of speed hit would using the BLAKE2b algorithm on 32-bit > machines such as i386, vax, or m68k? Yes, there's the BLAKE2s > algorithm for 8-32 bit architectures but that produces

Re: [fossil-users] SHA1 and security

On Thu, Oct 29, 2015 at 3:59 PM, Warren Young wrote: > On Oct 29, 2015, at 3:20 PM, Richard Hipp wrote: > > > > Each check-in manifest also has a hash over all content of all files > > in the R card. It's an MD5 hash, but that still means the attacker > >

Re: [fossil-users] SHA1 and security

On 10/29/15, Scott Robison wrote: > Why is the R card optional? Because it is expensive to compute on large repos (ex: NetBSD) with hundreds of megabytes of content. Some projects elect to omit it. -- D. Richard Hipp d...@sqlite.org

Re: [fossil-users] SHA1 and security

On Oct 29, 2015, at 3:40 PM, Eduard wrote: > > On 10/29/2015 02:46 PM, Warren Young wrote: >> On Oct 28, 2015, at 6:37 PM, Eduard wrote: >>> >>> I wish to discuss the issues surrounding the use of SHA1 in Fossil >> >> Have you read the prior discussions on this?

Re: [fossil-users] SHA1 and security

On Oct 29, 2015, at 5:32 PM, Eduard wrote: > > On 10/29/2015 06:50 PM, Warren Young wrote: >> On Oct 29, 2015, at 3:40 PM, Eduard wrote: > most of the attacks on SHA-1 only apply to standalone blob cases >>> >>> And individual files (that are part of commits). That won't show up in >>> the

Re: [fossil-users] SHA1 and security

On 10/29/15, Warren Young wrote: > > Oh, I see what you mean. You’re making the same point Ron W did: If you > replace the file blob data in the tip of a branch, you don’t get a timeline > entry for that change. > > I assume the Fossil sync algorithm won’t allow a remote Fossil

Re: [fossil-users] SHA1 and security

Hi Warren, On 10/29/2015 06:50 PM, Warren Young wrote: > On Oct 29, 2015, at 3:40 PM, Eduard wrote: >> On 10/29/2015 02:46 PM, Warren Young wrote: >>> (...) >> I had read 2/3 of them, yes. Thanks for the third one! > > The third one’s the mother lode. Don’t be

Re: [fossil-users] SHA1 and security

On Thu, Oct 29, 2015 at 6:50 PM, Warren Young wrote: > > But, I think you’re not realizing that artifact chaining removes the > attraction of replacing old artifacts. As I understand it, you can’t > replace an artifact 10 checkins back from the tip of the branch without >

Re: [fossil-users] SHA1 and security

On Thu, Oct 29, 2015 at 1:37 AM, Eduard wrote: > First I propose that the use of SHA1 in Fossil is a serious problem. > This has been said at least a dozen times, and has not once been demonstrated. Show me the code. Falisify ONE artifact, and i'll believe it's a

Re: [fossil-users] SHA1 and security

On Wed, Oct 28, 2015 at 6:37 PM, Eduard wrote: > Hi, > > I wish to discuss the issues surrounding the use of SHA1 in Fossil and > their consequences, as well as propose several possibilities to deal > with them. > {whole bunch of snipped stuff} If fossil didn't

[fossil-users] SHA1 and security

Hi, I wish to discuss the issues surrounding the use of SHA1 in Fossil and their consequences, as well as propose several possibilities to deal with them. I would like to take a moment to define collision resistance and second-preimage resistance. A hash H is collision-resistant if it is