[Whonix-devel] moderation question qubes-devel mailing list
Joanna Rutkowska
joanna at invisiblethingslab.com
Tue Nov 4 10:02:42 CET 2014
On 11/04/14 08:55, Patrick Schleizer wrote:
> Hi Joanna!
>
> Have you seen a moderation request "allow this message?" lately?
>
> Subject was:
> How safe are signed git tags? Only as safe as SHA-1 or somehow safer?
>
> Was sent from:
> patrick-mailinglists at whonix.org
>
> But somehow it never appeared on the qubes-devel mailing list.
>
> Mike Gerwitz's answer however go through:
> https://groups.google.com/forum/#!topic/qubes-devel/yWeDswfLUao
>
> Maybe it was eaten by the spam filter without even notifying you because
> there were too many recpients in the "To:" field?
>
Yeah, I just found it manually among spam and approved. Is the very
address you used subscribed to the ML? Normally this should not happen
for subscribers...
Cheers,
joanna.
> Cheers,
> Patrick
>
> Patrick Schleizer wrote:
>> Hi!
>>
>> How safe are signed git tags? Especially because git uses SHA-1. There
>> is contradictory information around.
>>
>> So if one verifies a git tag (`git tag -v tagname`), then `checksout`s
>> the tag, and checks that `git status` reports no untracked/modified
>> files, without further manually auditing the code, how secure is this
>> actually? Is it only as safe as SHA-1?
>>
>> Let's assume an adversary, that is capable of producing SHA-1 collisions.
>>
>> Linus Torvalds said: [1]
>>
>>> Git uses SHA-1 not for security
>>
>> And goes on.
>>
>>> The security parts are elsewhere
>>
>> Could you please elaborate on this? Where are the security parts? Can
>> you please briefly explain how these work? Where can I read more about this?
>>
>> Wikipedia says. [2]
>>
>>> Nonetheless, without second preimage resistance [3] of SHA-1 signed
>> commits and tags would no longer secure the state of the repository as
>> they only sign the root of a Merkle tree [4].
>>
>> Which contradicts what Linus Torvalds said. What does that mean for
>> security? Which statement is true?
>>
>>> "The source control management system Git uses SHA-1 not for security
>> but for ensuring that the data has not changed due to accidental
>> corruption. Linus Torvalds has said, "If you have disk corruption, if
>> you have DRAM corruption, if you have any kind of problems at all, Git
>> will notice them. It's not a question of if, it's a guarantee. You can
>> have people who try to be malicious. They won't succeed. [...] Nobody
>> has been able to break SHA-1, but the point is the SHA-1, as far as Git
>> is concerned, isn't even a security feature. It's purely a consistency
>> check. The security parts are elsewhere, so a lot of people assume that
>> since Git uses SHA-1 and SHA-1 is used for cryptographically secure
>> stuff, they think that, OK, it's a huge security feature. It has nothing
>> at all to do with security, it's just the best hash you can get. [...] I
>> guarantee you, if you put your data in Git, you can trust the fact that
>> five years later, after it was converted from your hard disk to DVD to
>> whatever new technology and you copied it along, five years later you
>> can verify that the data you get back out is the exact same data you put
>> in. [...] One of the reasons I care is for the kernel, we had a break in
>> on one of the BitKeeper sites where people tried to corrupt the kernel
>> source code repositories." [6]
>>
>> If (!) I understand Mike Gerwitz ([...] GNU [...]) 's opinion, his
>> opinion is, that for best security each and every commit should be
>> signed for best possible git verification security.
>>
>> See also:
>>
>> - Mike Gerwitz's "A Git Horror Story: Repository Integrity With Signed
>> Commits" [7]
>>
>> - Verbose reply by Mike Gerwitz to my question. [8]
>>
>> - Similar question on security stackexchange. [9] Quote: "Nevertheless,
>> If somebody managed to find a way how to find SHA1 collisions easily,
>> then git would have much bigger problem."
>>
>> Cheers,
>> Patrick
>>
>> [1] https://www.youtube.com/watch?v=4XpnKHJAok8&t=56m20s
>> [2] https://en.wikipedia.org/wiki/SHA-1#Data_integrity
>> [3] https://en.wikipedia.org/wiki/Second_preimage_resistance
>> [4] https://en.wikipedia.org/wiki/Merkle_tree
>> [5] https://www.youtube.com/watch?v=4XpnKHJAok8&t=56m20s
>> [6] https://en.wikipedia.org/wiki/SHA-1#Data_integrity
>> [7] http://mikegerwitz.com/papers/git-horror-story
>> [8] https://www.whonix.org/forum/index.php/topic,538.msg4278.html#msg4278
>> [9]
>> https://security.stackexchange.com/questions/67920/how-safe-are-signed-git-tags-only-as-safe-as-sha-1-or-somehow-safer
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://www.whonix.org/pipermail/whonix-devel/attachments/20141104/f941c5bb/attachment.sig>
More information about the Whonix-devel
mailing list