From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UMncV-00012A-Go for bitcoin-development@lists.sourceforge.net; Mon, 01 Apr 2013 22:54:31 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gnomon.org.uk designates 93.93.131.22 as permitted sender) client-ip=93.93.131.22; envelope-from=roy@gnomon.org.uk; helo=darla.gnomon.org.uk; Received: from darla.gnomon.org.uk ([93.93.131.22]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1UMncT-0002Ez-2s for bitcoin-development@lists.sourceforge.net; Mon, 01 Apr 2013 22:54:31 +0000 Received: from darla.gnomon.org.uk (localhost.gnomon.org.uk [127.0.0.1]) by darla.gnomon.org.uk (8.14.3/8.14.3) with ESMTP id r31MsHwW000200 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 1 Apr 2013 23:54:22 +0100 (BST) (envelope-from roy@darla.gnomon.org.uk) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.95.3 at darla.gnomon.org.uk Received: (from roy@localhost) by darla.gnomon.org.uk (8.14.3/8.14.1/Submit) id r31MsHMW000199; Mon, 1 Apr 2013 23:54:17 +0100 (BST) (envelope-from roy) Date: Mon, 1 Apr 2013 23:54:17 +0100 From: Roy Badami To: Melvin Carvalho Message-ID: <20130401225417.GV65880@giles.gnomon.org.uk> References: <20130401225107.GU65880@giles.gnomon.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20130401225107.GU65880@giles.gnomon.org.uk> User-Agent: Mutt/1.5.20 (2009-06-14) X-Spam-Score: -3.8 (---) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -2.3 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1UMncT-0002Ez-2s Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] bitcoin pull requests X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Apr 2013 22:54:31 -0000 And the moment I hit send I realised it's not necessarily true. Conceivably, a collision attack might help you craft two commits (one good, one bad) with the same hash. But I still maintain what I just posted is true: if someone gets malicious code into the repo, it's going to be by social engineering, not by breaking the cyrpto. roy On Mon, Apr 01, 2013 at 11:51:07PM +0100, Roy Badami wrote: > The attack Schneier is talking about is a collision attack (i.e. it > creates two messages with the same hash, but you don't get to choose > either of the messages). It's not a second preimage attack, which is > what you would need to be able to create a message that hashes to the > same value of an existing message. > > (And it neither have anything to do with the birthday paradox, BTW - > which relates to the chance of eventually finding two messages that > hash to the same value by pure change) > > If someone gets malicious code into the repo, it's going to be by > social engineering, not by breaking the cyrpto. > > roy > > On Tue, Apr 02, 2013 at 12:27:51AM +0200, Melvin Carvalho wrote: > > On 2 April 2013 00:10, Will wrote: > > > > > The threat of a SHA1 collision attack to insert a malicious pull request > > > are tiny compared with the other threats - e.g. github being compromised, > > > one of the core developers' passwords being compromised, one of the core > > > developers going rogue, sourceforge (distribution site) being compromised > > > etc etc... believe me there's a lot more to worry about than a SHA1 > > > attack... > > > > > > Not meaning to scare, just to put things in perspective - this is why we > > > all need to peer review each others commits and keep an eye out for > > > suspicious commits, leverage the benefits of this project being open source > > > and easily peer reviewed. > > > > > > > Very good points, and I think you're absolutely right. > > > > But just running the numbers, to get the picture, based of scheiner's > > statistics: > > > > http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html > > > > We're talking about a million terrahashes = 2^60 right? > > > > With the block chain, you only have a 10 minute window, but with source > > code you have a longer time to prepare. > > > > Couldnt this be done with an ASIC in about a week? > > > > > > > > > > > > Will > > > > > > > > > On 1 April 2013 23:52, Melvin Carvalho wrote: > > > > > >> > > >> > > >> > > >> On 1 April 2013 20:28, Petr Praus wrote: > > >> > > >>> An attacker would have to find a collision between two specific pieces > > >>> of code - his malicious code and a useful innoculous code that would be > > >>> accepted as pull request. This is the second, much harder case in the > > >>> birthday problem. When people talk about SHA-1 being broken they actually > > >>> mean the first case in the birthday problem - find any two arbitrary values > > >>> that hash to the same value. So, no I don't think it's a feasible attack > > >>> vector any time soon. > > >>> > > >>> Besides, with that kind of hashing power, it might be more feasible to > > >>> cause problems in the chain by e.g. constantly splitting it. > > >>> > > >> > > >> OK, maybe im being *way* too paranoid here ... but what if someone had > > >> access to github, could they replace one file with one they had prepared at > > >> some point? > > >> > > >> > > >>> > > >>> > > >>> On 1 April 2013 03:26, Melvin Carvalho wrote: > > >>> > > >>>> I was just looking at: > > >>>> > > >>>> https://bitcointalk.org/index.php?topic=4571.0 > > >>>> > > >>>> I'm just curious if there is a possible attack vector here based on the > > >>>> fact that git uses the relatively week SHA1 > > >>>> > > >>>> Could a seemingly innocuous pull request generate another file with a > > >>>> backdoor/nonce combination that slips under the radar? > > >>>> > > >>>> Apologies if this has come up before ... > > >>>> > > >>>> > > >>>> ------------------------------------------------------------------------------ > > >>>> Own the Future-Intel® Level Up Game Demo Contest 2013 > > >>>> Rise to greatness in Intel's independent game demo contest. > > >>>> Compete for recognition, cash, and the chance to get your game > > >>>> on Steam. $5K grand prize plus 10 genre and skill prizes. > > >>>> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > > >>>> _______________________________________________ > > >>>> Bitcoin-development mailing list > > >>>> Bitcoin-development@lists.sourceforge.net > > >>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > >>>> > > >>>> > > >>> > > >> > > >> > > >> ------------------------------------------------------------------------------ > > >> Own the Future-Intel® Level Up Game Demo Contest 2013 > > >> Rise to greatness in Intel's independent game demo contest. > > >> Compete for recognition, cash, and the chance to get your game > > >> on Steam. $5K grand prize plus 10 genre and skill prizes. > > >> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > > >> _______________________________________________ > > >> Bitcoin-development mailing list > > >> Bitcoin-development@lists.sourceforge.net > > >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > >> > > >> > > > > > > ------------------------------------------------------------------------------ > > Own the Future-Intel® Level Up Game Demo Contest 2013 > > Rise to greatness in Intel's independent game demo contest. > > Compete for recognition, cash, and the chance to get your game > > on Steam. $5K grand prize plus 10 genre and skill prizes. > > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > > > _______________________________________________ > > Bitcoin-development mailing list > > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > ------------------------------------------------------------------------------ > Own the Future-Intel® Level Up Game Demo Contest 2013 > Rise to greatness in Intel's independent game demo contest. > Compete for recognition, cash, and the chance to get your game > on Steam. $5K grand prize plus 10 genre and skill prizes. > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development >