On Sun, Nov 16, 2014 at 03:31:10PM +0000, Patrick Schleizer wrote:
> How safe are signed git tags? Especially because git uses SHA-1. There
> is contradictory information around.
>> So if one verifies a git tag (`git tag -v tagname`), then `checksout`s
> the tag, and checks that `git status` reports no untracked/modified
> files, without further manually auditing the code, how secure is this
> actually? Is it only as safe as SHA-1?
Yes, it is only as "safe as SHA-1" in the sense that you have GPG-signed
only a SHA-1 hash. If somebody can find a collision with a hash you have
signed, they can substitute the colliding data for the data you signed.
Of course, "safe as SHA-1" and "find a collision" are vague. If
pre-image attacks are feasible (i.e., given already-published SHA-1, I
can find a different input with the same SHA-1), then attacks are
trivial. But when people talk about attacks on SHA-1, they are usually
referring to finding a collision between two new pieces of data. You can
also use that in an attack, but it's much less straightforward
(basically, you need to get somebody to sign one of the colliding pieces
of data and then replace it with the other).
And of course there is the question of getting the colliding data to the
victim. Git does collision checks whenever a remote (e.g., from a "git
fetch") gives us data that we already have. So you could poison new
cloners with bad data, but you could not convince a repository with the
existing "good" half of the collision to fetch the "evil" half.
> > Git uses SHA-1 not for security
>> And goes on.
>> > The security parts are elsewhere
>> Could you please elaborate on this? Where are the security parts? Can
> you please briefly explain how these work? Where can I read more about this?
I cannot speak for Linus, but I would not agree that SHA-1 is not part
of Git's security model. If we consider the GPG signature as a black box
(and we largely do in Git), then we _never_ sign the tree contents
itself. We always sign the SHA-1 of the tree, along with some metadata
(whether you are signing a tag or a commit). If an attacker can create
SHA-1 collisions (either by pre-image, or if you agree to sign a tree
containing a potential collision from an attacker), then you are
vulnerable to having the tree contents swapped out after the fact (and
the signature still checking out).
I am not sure that is what Linus is saying, though. In the paragraph you
quote:
> > "The source control management system Git uses SHA-1 not for security
> but for ensuring that the data has not changed due to accidental
> corruption. Linus Torvalds has said, "If you have disk corruption, if
> you have DRAM corruption, if you have any kind of problems at all, Git
> will notice them. It's not a question of if, it's a guarantee. You can
> have people who try to be malicious. They won't succeed. [...] Nobody
> has been able to break SHA-1, but the point is the SHA-1, as far as Git
> is concerned, isn't even a security feature. It's purely a consistency
> check. The security parts are elsewhere, so a lot of people assume that
> since Git uses SHA-1 and SHA-1 is used for cryptographically secure
> stuff, they think that, OK, it's a huge security feature. It has nothing
> at all to do with security, it's just the best hash you can get. [...] I
> guarantee you, if you put your data in Git, you can trust the fact that
> five years later, after it was converted from your hard disk to DVD to
> whatever new technology and you copied it along, five years later you
> can verify that the data you get back out is the exact same data you put
> in. [...] One of the reasons I care is for the kernel, we had a break in
> on one of the BitKeeper sites where people tried to corrupt the kernel
> source code repositories." [6]
I think he is saying more "SHA-1 is about data integrity, not about
authenticity; if you want authenticity, that's elsewhere [handled by
gpg]". Unsaid there is that you can't really have authenticity without
the integrity, and that I think he was assuming that SHA-1 works (he
says "Nobody has been able to break SHA-1..").
> If (!) I understand Mike Gerwitz ([...] GNU [...]) 's opinion, his
> opinion is, that for best security each and every commit should be
> signed for best possible git verification security.
I think it would depend on your threat model. You haven't defined "best
security".
Even without a break in SHA-1, there is value to signing every commit
versus signing just tags. If Linus signs a tag, all it says is "I think
this tree state and the history leading up to it is called v3.16". But
Linus can lie all he likes about who made each commit, and what happened
in each one. Signing commits is more about authenticating individual
commits: who made them, what was the state they were based on, and what
was the end state (and between the two, you can calculate the introduced
changes).
Of course, that comes with its own headaches, too. E.g., in mailing-list
development, the patch is picked up and applied by a maintainer, who
does not necessarily commit it on the same state you used to create it.
And even if they did, the committer information is different than what
you would create locally. You inherently _can't_ sign that ahead of
time.
-Peff
More information about the Whonix-devel
mailing list
“Look here!” Dick began to chuckle. “We’ve got a queer combination to work with—our Sky Patrol has! Suspicious Sandy—and—Superstitious Jeff!” Sandy grinned ruefully, a little sheepishly. Larry smiled and shook his head, warning Dick not to carry his sarcasm any further, as Jeff frowned. 52 "You do doubt me. If you did not, it would never occur to you to deny it. You doubt me now, and you will doubt me still more if you don't read it. In justice to me you must." "That same. She was part Mescalero, anyway." This Act, as disgraceful as any which ever dishonoured the statute-book in the reigns of the Tudors or Stuarts, was introduced into the Commons, on the 12th of May, by Sir William Wyndham, and was resolutely opposed by the Whigs, amongst whom Sir Peter King, Sir Joseph Jekyll, Mr. Hampden, Robert Walpole, and General Stanhope distinguished themselves. They did not convince the majority, which amounted to no less than two hundred and thirty-seven to one hundred and twenty-six. In the Lords, Bolingbroke himself moved the second reading, and it was ably opposed by the Lords Cowper, Wharton, Halifax, Townshend, Nottingham, and others. The greatest curiosity was displayed regarding the part which Oxford would take, as it was known that in the Council he had endeavoured to soften the rigorous clauses; but in the House he followed his usual shuffling habit, declaring that he had not yet considered the question; and, having induced the Opposition to let the second reading pass without a division, he absented himself from the final voting, and thus disgusted both parties and hastened his own fall. The battle of Falkirk, which in itself appeared so brilliant an affair for Prince Charles, was really one of his most serious disasters. The Highlanders, according to their regular custom when loaded with plunder, went off in great numbers to their homes with their booty. His chief officers became furious against each other in discussing their respective merits in the battle. Lord George Murray, who had himself behaved most bravely in the field, complained that Lord John Drummond had not exerted himself, or pursuit might have been made and the royal army been utterly annihilated. This spirit of discontent was greatly aggravated by the siege of the castle of Stirling. Old General Blakeney, who commanded the garrison, declared he would hold out to the last man, in spite of the terrible threats of Lord George Murray if he did not surrender. The Highlanders grew disgusted with work so contrary to their habits; and, indeed, the French engineer, the so-called Marquis de Mirabelle, was so utterly ignorant of his profession, that the batteries which he constructed were commanded by the castle, and the men were so much exposed that they were in danger of being destroyed before they took the fortress. Accordingly, on the 24th of January they struck to a man, and refused to go any more into the trenches. "Haint we bit off more'n we kin chaw. Shorty?" asked Si, as he looked over the increasing gang. "Hadn't we better ask for some help?" "How far would it carry?" Corpril, Company Q, 2 Hundsrdth Injiamiy Volintear "He d?an't care much. F?ather, he likes to be comfortable, and this Inclosure w?an't make much difference to that. 'T?un't as if we wanted the pasture badly, and F?ather he d?an't care about land." "Byles," interrupted Calverley, speaking rapidly, "you are poor—you are in arrear with your rent; a distress will be levied, and then what will become of you—of your wife and the little one? Listen to me! I will give you money to keep a house over your head; and when I am steward, you shall have the first farm at my lord's disposal, if you will only aid me in my revenge! Revenge!" he repeated, vehemently—"but you hesitate—you refuse." "Yes, yes, there is little doubt of that: but how can we come at the truth? Sudbury still retains his wrath against us, and would oppose an arrest; and even could he be waylaid, and brought hither, he is stubborn, and might refuse to answer." HoME一级做人爱c视正版免费
ENTER NUMBET 0017 www.xlklife.com.cn www.pingjunba.com.cn www.yuqie7.net.cn www.rilin6.com.cn laduo6.com.cn www.njjfcq.com.cn huini1.net.cn www.mamen1.net.cn www.falie8.net.cn 75ze.org.cn