From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E8A16A87 for ; Thu, 23 Feb 2017 18:14:15 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from outmail148110.authsmtp.com (outmail148110.authsmtp.com [62.13.148.110]) by smtp1.linuxfoundation.org (Postfix) with ESMTP id F071A13E for ; Thu, 23 Feb 2017 18:14:14 +0000 (UTC) Received: from mail-c232.authsmtp.com (mail-c232.authsmtp.com [62.13.128.232]) by punt20.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v1NIEDkS096929; Thu, 23 Feb 2017 18:14:13 GMT Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com [52.5.185.120]) (authenticated bits=0) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v1NIEAMs038593 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 23 Feb 2017 18:14:11 GMT Received: from [127.0.0.1] (localhost [127.0.0.1]) by petertodd.org (Postfix) with ESMTPSA id 05E2D400A9; Thu, 23 Feb 2017 18:14:10 +0000 (UTC) Received: by localhost (Postfix, from userid 1000) id 4743720245; Thu, 23 Feb 2017 13:14:09 -0500 (EST) Date: Thu, 23 Feb 2017 13:14:09 -0500 From: Peter Todd To: cryptography@metzdowd.com, bitcoin-dev@lists.linuxfoundation.org Message-ID: <20170223181409.GA6085@savin.petertodd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="qMm9M+Fa2AknHoGS" Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) X-Server-Quench: e03a3352-f9f3-11e6-829f-00151795d556 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdAEUHlAWAgsB AmEbWlxeUVl7WGI7 bghPaBtcak9QXgdq T0pMXVMcUgQWeGlw e10eURF3fgYIfX52 ZQg3XnMKX0d/d1sr SxhXCGwHMGF9YGIW Bl1YdwJRcQRDe0tA b1YxNwt8YHVUOSY8 HhQyODYqdTBWKykd bQARZUwPRUAGBDc2 Qx1KATJnFFEZTiY4 NFQsOxYAHEcLPgAq OEE9WF8Dd1cUDRE8 V0NQGzMRPVQZQGIu BAJcQUcfFjBHWk8N X-Authentic-SMTP: 61633532353630.1037:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 52.5.185.120/25 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2017 18:14:16 -0000 --qMm9M+Fa2AknHoGS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Worth noting: the impact of the SHA1 collison attack on Git is *not* limited only to maintainers making maliciously colliding Git commits, but also third-party's submitting pull-reqs containing commits, trees, and especially files for which collisions have been found. This is likely to be exploitabl= e in practice with binary files, as reviewers aren't going to necessarily notice garbage at the end of a file needed for the attack; if the attack can be extended to constricted character sets like unicode or ASCII, we're in trou= ble in general. Concretely, I could prepare a pair of files with the same SHA1 hash, taking into account the header that Git prepends when hashing files. I'd then subm= it that pull-req to a project with the "clean" version of that file. Once the maintainer merges my pull-req, possibly PGP signing the git commit, I then = take that signature and distribute the same repo, but with the "clean" version replaced by the malicious version of the file. --=20 https://petertodd.org 'peter'[:-1]@petertodd.org --qMm9M+Fa2AknHoGS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJYryZsAAoJECSBQD2l8JH7oogH/3IfkW5sFqvHvAcWvPDXivBk WKJcfPddvjHsnrVzYpqRB3/q660bjMgt9S0TgkiFTU0lJf37CM2lRrXjxqaZ0QMB sUSeIBT81GsfuaVzWoB7Z/ll4O1PLgbg0wWD+g+fefyGAD0qqtLwDjkmhcIoSQ6z pbjzxxMoo1VTc6LKZ/OXi1vH3eqiQZ6dyiyFwdbzXFmWVqCpCi1LLmeI/1JmLqhs z15l9dhWBXeeR0vN9YW6AUOU5sWO6EqSOapyUIvgfVzdI9p+6DEMq5H92il50tVO 53QTWgVk/0xgaVgHFHM1YUu001fNL4K7ff0thA0yYjVtDUzQg6fhdHTwXjYicjQ= =betV -----END PGP SIGNATURE----- --qMm9M+Fa2AknHoGS--