[144753] in cryptography@c2.net mail archive

SHA-1 and Git (was Re: [tahoe-dev] Tahoe-LAFS key management, part 2: Tahoe-LAFS is like encrypted git)

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Aug 19 17:54:01 2009

From: "Perry E. Metzger" <perry@piermont.com>
To: jamesd@echeque.com
Cc: Cryptography List <cryptography@metzdowd.com>
Date: Wed, 19 Aug 2009 17:28:37 -0400
In-Reply-To: <4A8C68CB.10706@echeque.com> (James A. Donald's message of "Thu,
	20 Aug 2009 07:04:11 +1000")


"James A. Donald" <jamesd@echeque.com> writes:
> Getting back towards topic, the hash function employed by Git is
> showing signs of bitrot, which, given people's desire to introduce
> malware backdoors and legal backdoors into Linux, could well become a
> problem in the very near future.

I believe attacks on Git's use of SHA-1 would require second pre-image
attacks, and I don't think anyone has demonstrated such a thing for
SHA-1 at this point. None the less, I agree that it would be better if
Git eventually used better hash functions. Attacks only get better with
time, and SHA-1 is certainly creaking.

Emphasis on "eventually", however. This is an "as soon as convenient, not
as soon as possible" sort of situation -- more like within a year than
within a week.

Yet another reason why you always should make the crypto algorithms you
use pluggable in any system -- you *will* have to replace them some day.

Perry
--
Perry E. Metzger		perry@piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
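
The pluggability point in the message above, sketched as an added example that is not part of the original post and is not Git's code: a flat content-addressed store whose object IDs carry an algorithm tag, so a weakening hash can be flagged and migrated away from. The `tag:hexdigest` ID format and the names `object_id`, `verify` and `migrate` are assumptions of this example; only the `blob <length>\0` header follows Git's blob hashing.

```python
import hashlib
import hmac

# Pluggable registry: algorithm tag -> constructor (tags are this example's convention).
ALGORITHMS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}
WRITE_ALGORITHM = "sha256"   # algorithm used for newly written objects
DEPRECATED = {"sha1"}        # still verifiable, but flagged for migration


def object_id(content, algorithm=None, kind="blob"):
    """Return a self-describing ID 'tag:hexdigest' over a Git-style header plus content."""
    algorithm = algorithm or WRITE_ALGORITHM
    h = ALGORITHMS[algorithm]()
    h.update(f"{kind} {len(content)}\0".encode())
    h.update(content)
    return f"{algorithm}:{h.hexdigest()}"


def verify(oid, content, kind="blob"):
    """Check content against oid; return 'ok' or 'ok-deprecated', raise ValueError otherwise."""
    tag, _, _ = oid.partition(":")
    if tag not in ALGORITHMS:
        raise ValueError(f"unknown hash algorithm {tag!r}")
    expected = object_id(content, tag, kind)
    if not hmac.compare_digest(expected.encode(), oid.encode()):
        raise ValueError("digest mismatch")
    return "ok-deprecated" if tag in DEPRECATED else "ok"


def migrate(store):
    """Re-address every object under WRITE_ALGORITHM, verifying it under its old ID first.

    store maps object ID -> content bytes. Returns a map of old ID -> new ID.
    """
    mapping = {}
    for oid, content in list(store.items()):
        verify(oid, content)          # never carry an unverified object forward
        new_oid = object_id(content)
        store[new_oid] = content
        if new_oid != oid:
            del store[oid]
        mapping[oid] = new_oid
    return mapping
```

In a store where objects reference each other by ID, as Git's trees and commits do, the referring objects would also have to be rewritten using the returned map; this flat example does not cover that.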
