Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

Hi Junio, On Wed, 29 Mar 2017, Junio C Hamano wrote: > Johannes Schindelin writes: > > > The approach I chose instead was to make the switch global, per > > command. Obviously, the next step is to identify the Git commands > > which accept objects from external

Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

Johannes Schindelin writes: > - After the SHAttered blog post became public, Linus first made the case > that it matters not all that much: the development of the Linux kernel > is based on trust, and nobody would pull from a person they do not trust. > This

Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

Hi Junio, On Fri, 24 Mar 2017, Junio C Hamano wrote: > Johannes Schindelin writes: > > > - the most important part will be the patch turning core.enableSHA1DC > > into a tristate: "externalOnly" or "smart" or "auto" or something > > indicating that it switches on

Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

Jeff King writes: > Yeah, I think we can assume it will be possible with SHAttered levels of > effort. An attacker can use it to create a persistent corruption by > having somebody fetch from them twice. So not really that interesting an > attack, but it is something. I still

Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

On Sun, Mar 26, 2017 at 11:07:02PM -0700, Junio C Hamano wrote: > > No, I don't think so. We don't trust the trailer hash for anything to do > > with corruption; we actually inflate the objects and see which ones we > > got. So the victim will notice immediately that what the attacker sent > > it

Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

Jeff King writes: >> If a malicious site can craft two packfiles that hash to the same, >> then it can first feed one against a fetch request, then feed the >> other one when a later fetch request comes, and then the later pack >> is discarded by the "existing data wins" rule.

Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

On Sun, Mar 26, 2017 at 04:16:06PM -0700, Junio C Hamano wrote: > > I don't think this case really matters for collision detection. What's > > important is what Git does when it receives a brand-new packfile that > > would overwrite an existing one. It _should_ keep the old one, under the > >

Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

Jeff King writes: > On Fri, Mar 24, 2017 at 11:37:54PM -0700, Junio C Hamano wrote: > >> The hash that names a packfile is constructed by sorting all the >> names of the objects contained in the packfile and running SHA-1 >> hash over it. I think this MUST be hashed with

Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

On Fri, Mar 24, 2017 at 11:37:54PM -0700, Junio C Hamano wrote: > The hash that names a packfile is constructed by sorting all the > names of the objects contained in the packfile and running SHA-1 > hash over it. I think this MUST be hashed with collision-attack > detection. A malicious site

Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

Junio C Hamano writes: > The hash that names a packfile is constructed by sorting all the > names of the objects contained in the packfile and running SHA-1 > hash over it. Sorry, but I need to make a correction here. This "SHA-1 over sorted object names" is a description of

Re: [PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

Johannes Schindelin writes: > - the most important part will be the patch turning core.enableSHA1DC > into a tristate: "externalOnly" or "smart" or "auto" or something > indicating that it switches on collision detection only for commands > that accept objects

[PATCH 0/7] PREVIEW: Introduce DC_AND_OPENSSL_SHA1 make flag

As I pointed out several times in the past, the performance hit of enabling SHA1DC globally is not acceptable. This patch series not only demonstrates that clearly in the perf test it adds (it is the last patch in the current series, and its commit message has some numbers), it also shows an early