<div dir="ltr"><div><br></div>Maybe now that bitcoin is growing out of the toy phase it's an idea to start gpg signing commits, like the Linux kernel (<a href="https://lwn.net/Articles/466468/">https://lwn.net/Articles/466468/</a>).<div>
<br></div><div>But I suppose then we can't use github anymore to merge as-is and need manual steps?<div><br></div><div>Wladimir</div><div><br><div><br></div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, Apr 2, 2013 at 12:54 AM, Roy Badami <span dir="ltr"><<a href="mailto:roy@gnomon.org.uk" target="_blank">roy@gnomon.org.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
And the moment I hit send I realised it's not necessarily true.<br>
Conceivably, a collision attack might help you craft two commits (one<br>
good, one bad) with the same hash.<br>
<br>
But I still maintain what I just posted is true: if someone gets<br>
<div class="im HOEnZb">malicious code into the repo, it's going to be by social engineering,<br>
not by breaking the cyrpto.<br>
<br>
roy<br>
<br>
<br>
</div><div class="HOEnZb"><div class="h5">On Mon, Apr 01, 2013 at 11:51:07PM +0100, Roy Badami wrote:<br>
> The attack Schneier is talking about is a collision attack (i.e. it<br>
> creates two messages with the same hash, but you don't get to choose<br>
> either of the messages). It's not a second preimage attack, which is<br>
> what you would need to be able to create a message that hashes to the<br>
> same value of an existing message.<br>
><br>
> (And it neither have anything to do with the birthday paradox, BTW -<br>
> which relates to the chance of eventually finding two messages that<br>
> hash to the same value by pure change)<br>
><br>
> If someone gets malicious code into the repo, it's going to be by<br>
> social engineering, not by breaking the cyrpto.<br>
><br>
> roy<br>
><br>
> On Tue, Apr 02, 2013 at 12:27:51AM +0200, Melvin Carvalho wrote:<br>
> > On 2 April 2013 00:10, Will <<a href="mailto:will@phase.net">will@phase.net</a>> wrote:<br>
> ><br>
> > > The threat of a SHA1 collision attack to insert a malicious pull request<br>
> > > are tiny compared with the other threats - e.g. github being compromised,<br>
> > > one of the core developers' passwords being compromised, one of the core<br>
> > > developers going rogue, sourceforge (distribution site) being compromised<br>
> > > etc etc... believe me there's a lot more to worry about than a SHA1<br>
> > > attack...<br>
> > ><br>
> > > Not meaning to scare, just to put things in perspective - this is why we<br>
> > > all need to peer review each others commits and keep an eye out for<br>
> > > suspicious commits, leverage the benefits of this project being open source<br>
> > > and easily peer reviewed.<br>
> > ><br>
> ><br>
> > Very good points, and I think you're absolutely right.<br>
> ><br>
> > But just running the numbers, to get the picture, based of scheiner's<br>
> > statistics:<br>
> ><br>
> > <a href="http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html" target="_blank">http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html</a><br>
> ><br>
> > We're talking about a million terrahashes = 2^60 right?<br>
> ><br>
> > With the block chain, you only have a 10 minute window, but with source<br>
> > code you have a longer time to prepare.<br>
> ><br>
> > Couldnt this be done with an ASIC in about a week?<br>
> ><br>
> ><br>
> ><br>
> > ><br>
> > > Will<br>
> > ><br>
> > ><br>
> > > On 1 April 2013 23:52, Melvin Carvalho <<a href="mailto:melvincarvalho@gmail.com">melvincarvalho@gmail.com</a>> wrote:<br>
> > ><br>
> > >><br>
> > >><br>
> > >><br>
> > >> On 1 April 2013 20:28, Petr Praus <<a href="mailto:petr@praus.net">petr@praus.net</a>> wrote:<br>
> > >><br>
> > >>> An attacker would have to find a collision between two specific pieces<br>
> > >>> of code - his malicious code and a useful innoculous code that would be<br>
> > >>> accepted as pull request. This is the second, much harder case in the<br>
> > >>> birthday problem. When people talk about SHA-1 being broken they actually<br>
> > >>> mean the first case in the birthday problem - find any two arbitrary values<br>
> > >>> that hash to the same value. So, no I don't think it's a feasible attack<br>
> > >>> vector any time soon.<br>
> > >>><br>
> > >>> Besides, with that kind of hashing power, it might be more feasible to<br>
> > >>> cause problems in the chain by e.g. constantly splitting it.<br>
> > >>><br>
> > >><br>
> > >> OK, maybe im being *way* too paranoid here ... but what if someone had<br>
> > >> access to github, could they replace one file with one they had prepared at<br>
> > >> some point?<br>
> > >><br>
> > >><br>
> > >>><br>
> > >>><br>
> > >>> On 1 April 2013 03:26, Melvin Carvalho <<a href="mailto:melvincarvalho@gmail.com">melvincarvalho@gmail.com</a>> wrote:<br>
> > >>><br>
> > >>>> I was just looking at:<br>
> > >>>><br>
> > >>>> <a href="https://bitcointalk.org/index.php?topic=4571.0" target="_blank">https://bitcointalk.org/index.php?topic=4571.0</a><br>
> > >>>><br>
> > >>>> I'm just curious if there is a possible attack vector here based on the<br>
> > >>>> fact that git uses the relatively week SHA1<br>
> > >>>><br>
> > >>>> Could a seemingly innocuous pull request generate another file with a<br>
> > >>>> backdoor/nonce combination that slips under the radar?<br>
> > >>>><br>
> > >>>> Apologies if this has come up before ...<br>
> > >>>><br>
> > >>>><br>
> > >>>> ------------------------------------------------------------------------------<br>
> > >>>> Own the Future-Intel&reg; Level Up Game Demo Contest 2013<br>
> > >>>> Rise to greatness in Intel's independent game demo contest.<br>
> > >>>> Compete for recognition, cash, and the chance to get your game<br>
> > >>>> on Steam. $5K grand prize plus 10 genre and skill prizes.<br>
> > >>>> Submit your demo by 6/6/13. <a href="http://p.sf.net/sfu/intel_levelupd2d" target="_blank">http://p.sf.net/sfu/intel_levelupd2d</a><br>
> > >>>> _______________________________________________<br>
> > >>>> Bitcoin-development mailing list<br>
> > >>>> <a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
> > >>>> <a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
> > >>>><br>
> > >>>><br>
> > >>><br>
> > >><br>
> > >><br>
> > >> ------------------------------------------------------------------------------<br>
> > >> Own the Future-Intel&reg; Level Up Game Demo Contest 2013<br>
> > >> Rise to greatness in Intel's independent game demo contest.<br>
> > >> Compete for recognition, cash, and the chance to get your game<br>
> > >> on Steam. $5K grand prize plus 10 genre and skill prizes.<br>
> > >> Submit your demo by 6/6/13. <a href="http://p.sf.net/sfu/intel_levelupd2d" target="_blank">http://p.sf.net/sfu/intel_levelupd2d</a><br>
> > >> _______________________________________________<br>
> > >> Bitcoin-development mailing list<br>
> > >> <a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
> > >> <a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
> > >><br>
> > >><br>
> > ><br>
><br>
> > ------------------------------------------------------------------------------<br>
> > Own the Future-Intel&reg; Level Up Game Demo Contest 2013<br>
> > Rise to greatness in Intel's independent game demo contest.<br>
> > Compete for recognition, cash, and the chance to get your game<br>
> > on Steam. $5K grand prize plus 10 genre and skill prizes.<br>
> > Submit your demo by 6/6/13. <a href="http://p.sf.net/sfu/intel_levelupd2d" target="_blank">http://p.sf.net/sfu/intel_levelupd2d</a><br>
><br>
> > _______________________________________________<br>
> > Bitcoin-development mailing list<br>
> > <a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
> > <a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
><br>
><br>
> ------------------------------------------------------------------------------<br>
> Own the Future-Intel&reg; Level Up Game Demo Contest 2013<br>
> Rise to greatness in Intel's independent game demo contest.<br>
> Compete for recognition, cash, and the chance to get your game<br>
> on Steam. $5K grand prize plus 10 genre and skill prizes.<br>
> Submit your demo by 6/6/13. <a href="http://p.sf.net/sfu/intel_levelupd2d" target="_blank">http://p.sf.net/sfu/intel_levelupd2d</a><br>
> _______________________________________________<br>
> Bitcoin-development mailing list<br>
> <a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
> <a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
><br>
<br>
------------------------------------------------------------------------------<br>
Own the Future-Intel&reg; Level Up Game Demo Contest 2013<br>
Rise to greatness in Intel's independent game demo contest.<br>
Compete for recognition, cash, and the chance to get your game<br>
on Steam. $5K grand prize plus 10 genre and skill prizes.<br>
Submit your demo by 6/6/13. <a href="http://p.sf.net/sfu/intel_levelupd2d" target="_blank">http://p.sf.net/sfu/intel_levelupd2d</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
</div></div></blockquote></div><br></div>