public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Roy Badami <roy@gnomon.org.uk>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] bitcoin pull requests
Date: Mon, 1 Apr 2013 23:51:07 +0100	[thread overview]
Message-ID: <20130401225107.GU65880@giles.gnomon.org.uk> (raw)
In-Reply-To: <CAKaEYh+bePsmzM5XU1wpb_SFrTnbKB8LxMvWLLqP4p8KuesuSA@mail.gmail.com>

The attack Schneier is talking about is a collision attack (i.e. it
creates two messages with the same hash, but you don't get to choose
either of the messages).  It's not a second preimage attack, which is
what you would need to be able to create a message that hashes to the
same value of an existing message.

(And it neither have anything to do with the birthday paradox, BTW -
which relates to the chance of eventually finding two messages that
hash to the same value by pure change)

If someone gets malicious code into the repo, it's going to be by
social engineering, not by breaking the cyrpto.

roy

On Tue, Apr 02, 2013 at 12:27:51AM +0200, Melvin Carvalho wrote:
> On 2 April 2013 00:10, Will <will@phase.net> wrote:
> 
> > The threat of a SHA1 collision attack to insert a malicious pull request
> > are tiny compared with the other threats - e.g. github being compromised,
> > one of the core developers' passwords being compromised, one of the core
> > developers going rogue, sourceforge (distribution site) being compromised
> > etc etc... believe me there's a lot more to worry about than a SHA1
> > attack...
> >
> > Not meaning to scare, just to put things in perspective - this is why we
> > all need to peer review each others commits and keep an eye out for
> > suspicious commits, leverage the benefits of this project being open source
> > and easily peer reviewed.
> >
> 
> Very good points, and I think you're absolutely right.
> 
> But just running the numbers, to get the picture, based of scheiner's
> statistics:
> 
> http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
> 
> We're talking about a million terrahashes = 2^60 right?
> 
> With the block chain, you only have a 10 minute window, but with source
> code you have a longer time to prepare.
> 
> Couldnt this be done with an ASIC in about a week?
> 
> 
> 
> >
> > Will
> >
> >
> > On 1 April 2013 23:52, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
> >
> >>
> >>
> >>
> >> On 1 April 2013 20:28, Petr Praus <petr@praus.net> wrote:
> >>
> >>> An attacker would have to find a collision between two specific pieces
> >>> of code - his malicious code and a useful innoculous code that would be
> >>> accepted as pull request. This is the second, much harder case in the
> >>> birthday problem. When people talk about SHA-1 being broken they actually
> >>> mean the first case in the birthday problem - find any two arbitrary values
> >>> that hash to the same value. So, no I don't think it's a feasible attack
> >>> vector any time soon.
> >>>
> >>> Besides, with that kind of hashing power, it might be more feasible to
> >>> cause problems in the chain by e.g. constantly splitting it.
> >>>
> >>
> >> OK, maybe im being *way* too paranoid here ... but what if someone had
> >> access to github, could they replace one file with one they had prepared at
> >> some point?
> >>
> >>
> >>>
> >>>
> >>> On 1 April 2013 03:26, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
> >>>
> >>>>  I was just looking at:
> >>>>
> >>>> https://bitcointalk.org/index.php?topic=4571.0
> >>>>
> >>>> I'm just curious if there is a possible attack vector here based on the
> >>>> fact that git uses the relatively week SHA1
> >>>>
> >>>> Could a seemingly innocuous pull request generate another file with a
> >>>> backdoor/nonce combination that slips under the radar?
> >>>>
> >>>> Apologies if this has come up before ...
> >>>>
> >>>>
> >>>> ------------------------------------------------------------------------------
> >>>> Own the Future-Intel&reg; Level Up Game Demo Contest 2013
> >>>> Rise to greatness in Intel's independent game demo contest.
> >>>> Compete for recognition, cash, and the chance to get your game
> >>>> on Steam. $5K grand prize plus 10 genre and skill prizes.
> >>>> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> >>>> _______________________________________________
> >>>> Bitcoin-development mailing list
> >>>> Bitcoin-development@lists.sourceforge.net
> >>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> >>>>
> >>>>
> >>>
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> Own the Future-Intel&reg; Level Up Game Demo Contest 2013
> >> Rise to greatness in Intel's independent game demo contest.
> >> Compete for recognition, cash, and the chance to get your game
> >> on Steam. $5K grand prize plus 10 genre and skill prizes.
> >> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> >> _______________________________________________
> >> Bitcoin-development mailing list
> >> Bitcoin-development@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> >>
> >>
> >

> ------------------------------------------------------------------------------
> Own the Future-Intel&reg; Level Up Game Demo Contest 2013
> Rise to greatness in Intel's independent game demo contest.
> Compete for recognition, cash, and the chance to get your game 
> on Steam. $5K grand prize plus 10 genre and skill prizes. 
> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d

> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development




  reply	other threads:[~2013-04-01 22:51 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-04-01  8:26 [Bitcoin-development] bitcoin pull requests Melvin Carvalho
2013-04-01 18:28 ` Petr Praus
2013-04-01 21:52   ` Melvin Carvalho
2013-04-01 22:10     ` Will
2013-04-01 22:27       ` Melvin Carvalho
2013-04-01 22:51         ` Roy Badami [this message]
2013-04-01 22:54           ` Roy Badami
2013-04-03  3:41             ` Wladimir
2013-04-03  3:51               ` Jeff Garzik
2013-04-03 15:52                 ` grarpamp
2013-04-03 16:05                   ` Gavin Andresen
2013-04-03 16:23                     ` grarpamp
     [not found]                       ` <CAAS2fgT06RHBO_0stKQAYLPB39ZAzaCVduFZJROjSzXUP4Db+g@mail.gmail.com>
2013-04-03 18:12                         ` grarpamp
2013-04-04  9:11                           ` Mike Hearn
2013-04-04 10:04                             ` Mike Hearn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130401225107.GU65880@giles.gnomon.org.uk \
    --to=roy@gnomon.org.uk \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=melvincarvalho@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox