On Mon, Sep 15, 2014 at 12:35 PM, hasufell <hasuf...@gentoo.org> wrote: > Jauhien Piatlicki: >> Hi, >> >> On 09/15/2014 01:37 AM, Kent Fredric wrote: >>> On 15 September 2014 11:25, hasufell <hasuf...@gentoo.org> wrote: >>> >>>> Robin said >>>>> The Git commit-signing design explicitly signs the entire commit, >>>> including blob contents, to avoid this security problem. >>>> >>>> Is this correct or not? >>>> >>> >>> I can verify a commit by hand with only the commit object and gpg, but >>> without any of the trees or parents. >>> >>> https://gist.github.com/kentfredric/8448fe55ffab7d314ecb >>> >>> >> >> So signing of git commits does not guarantee enough security (taking >> that SHA1 is weak and can be broken), right? Could we than just use >> usual (not thin) manifests? >> > > * there is no known SHA-1 collision afais > * calculating one isn't that hard. NSA might be able to do it in > reasonable time > * however, the algorithms to do that will come up with random garbage, > so it's a completely different thing to hide a useful vulnerability > behind a SHA-1 collision >
sha-1 has is not directly a security feature, rather merely consistency check (albeit it has some security implications). hash is generated by using hash of commit parent and is checked every time you pull. You can actually take master commit and hash and then recursively check whole tree (albeit only basic check from current head parent is done when you pull, assuming that local tree is intact). Corrupting a single commit should be easy enough, but since the system is decentralised, people who you pull from should catch that attempt automagically. At least that's my understanding of how git (mercurial) works. Linus himself sums it nicely here: https://www.youtube.com/watch?feature=player_detailpage&v=4XpnKHJAok8#t=3375 T.P.
