From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 332B3958 for ; Fri, 24 Feb 2017 10:13:09 +0000 (UTC) X-Greylist: delayed 00:08:09 by SQLgrey-1.7.6 Received: from hera.mpi-klsb.mpg.de (hera.mpi-klsb.mpg.de [139.19.1.49]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6C1DB144 for ; Fri, 24 Feb 2017 10:13:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mmci.uni-saarland.de; s=mail200803; h=Content-Transfer-Encoding:Mime-Version:Content-Type:References:In-Reply-To:Date:To:From:Subject:Message-ID; bh=/UiT1MrDIAxpXMMuvE+HNArRFpwMYaM4ukh1cAbcpX4=; b=h6lbJ9iOub4IM21lKHETwuprg/O7D06i5+kVUsTdC9ssbeIIvIzNqHmwV3iGCTBSzJgtkCn+2c2BkDeHcg0MmSxyW5B8qWB+tsxLbv9n+xeepAkhrvZn3uBa2KRNUL9XCLN878yczqPqy2KPoCqOoVh0qJBhX5IPWNxEHGamC3c=; Received: from sam.mpi-klsb.mpg.de ([139.19.86.26]:56010) by hera.mpi-klsb.mpg.de (envelope-from ) with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) id 1chCkB-0007fR-9o for bitcoin-dev@lists.linuxfoundation.org; Fri, 24 Feb 2017 11:04:57 +0100 Received: from mbpc48.cs.uni-saarland.de ([134.96.225.161]:59644) by sam.mpi-klsb.mpg.de (envelope-from ) with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) id 1chCkB-0005xp-41 for bitcoin-dev@lists.linuxfoundation.org; Fri, 24 Feb 2017 11:04:55 +0100 Message-ID: <1487930694.1528.1.camel@mmci.uni-saarland.de> From: Tim Ruffing To: bitcoin-dev@lists.linuxfoundation.org Date: Fri, 24 Feb 2017 11:04:54 +0100 In-Reply-To: <76fa5d76-6c54-e13e-7b55-a4409ef536f5@gmail.com> References: <20170223181409.GA6085@savin.petertodd.org> <20170223212802.GA7608@savin.petertodd.org> <76fa5d76-6c54-e13e-7b55-a4409ef536f5@gmail.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.22.5 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-MPI-Local-Sender: true X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 24 Feb 2017 13:45:40 +0000 Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Feb 2017 10:13:09 -0000 On Fri, 2017-02-24 at 00:57 +0100, Aymeric Vitte via bitcoin-dev wrote: > > I have not worked on this since some time, so that's just thoughts, > but maybe it can render things much more difficult > than       computing two files until the same hash is found > You basically rely on the idea that specific collisions are more difficult to find. This trick or similar tricks will not help. (And actually, the more files you add to the hash, the more freedom you give the attacker.) Even if certain collisions are more difficult to find today (which is certainly true), the general rule is that someone will prove you wrong in a year. Even if ignore security entirely, switching to new hash function is much simpler trying to fix the usage of a broken hash function. Relying on SHA1 is hopeless. We have to get rid of it. Best, Tim