Marco d'Itri <m...@linux.it> writes: > si...@josefsson.org wrote: >> Can this be substantiated? Using SHA1CD in Git does not necessarily >> mean someone cannot manually create a Git repository with a colliding >> git commit somewhere in the history that gets accepted by git, and >> allows someone to replace actual file contents. That may be the case, >> but I haven't seen any detailed analysis answering that.
> This is quite a strong assertion, and it is up to you to prove it. The > current consensus among cryptography experts is that SHA-1 is still > resistant to preimage attacks. The attack that Simon is talking about doesn't require a preimage attack, only a successful collision attack against Git trees using SHAttered plus some assumptions about where Git may be lazy about revalidating hashes. It's an interesting point that I didn't think of, although I'm not sure that it would work against GitLab and thus against Salsa and I think it's fairly trivial to protect against regardless. I'm working on a longer response; I needed to do a bit of research first. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>
