[bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers

Peter Todd pete at petertodd.org
Thu Feb 23 21:28:02 UTC 2017

On Thu, Feb 23, 2017 at 01:14:09PM -0500, Peter Todd via bitcoin-dev wrote:
> Worth noting: the impact of the SHA1 collison attack on Git is *not* limited
> only to maintainers making maliciously colliding Git commits, but also
> third-party's submitting pull-reqs containing commits, trees, and especially
> files for which collisions have been found. This is likely to be exploitable in
> practice with binary files, as reviewers aren't going to necessarily notice
> garbage at the end of a file needed for the attack; if the attack can be
> extended to constricted character sets like unicode or ASCII, we're in trouble
> in general.
> Concretely, I could prepare a pair of files with the same SHA1 hash, taking
> into account the header that Git prepends when hashing files. I'd then submit
> that pull-req to a project with the "clean" version of that file. Once the
> maintainer merges my pull-req, possibly PGP signing the git commit, I then take
> that signature and distribute the same repo, but with the "clean" version
> replaced by the malicious version of the file.

Thinking about this a bit more, the most concerning avenue of attack is likely
to be tree objects, as I'll bet you you can construct tree objs with garbage at
the end that many review tools don't pick up on. :(

https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170223/29fe50b5/attachment-0001.sig>

More information about the bitcoin-dev mailing list