----- Forwarded message from Peter Todd via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> -----

Date: Thu, 23 Feb 2017 13:14:09 -0500
From: Peter Todd via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
To: cryptography@metzdowd.com, bitcoin-dev@lists.linuxfoundation.org
Subject: [bitcoin-dev] SHA1 collisions make Git vulnerable to attacks by third-parties, not just repo maintainers
Message-ID: <20170223181409.GA6085@savin.petertodd.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Reply-To: Peter Todd <pete@petertodd.org>, Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>

Worth noting: the impact of the SHA1 collision attack on Git is *not* limited
only to maintainers making maliciously colliding Git commits, but also
third parties submitting pull-reqs containing commits, trees, and especially
files for which collisions have been found.

This is likely to be exploitable in practice with binary files, as reviewers
aren't going to necessarily notice garbage at the end of a file needed for the
attack; if the attack can be extended to constricted character sets like
Unicode or ASCII, we're in trouble in general.

Concretely, I could prepare a pair of files with the same SHA1 hash, taking
into account the header that Git prepends when hashing files. I'd then submit
that pull-req to a project with the "clean" version of that file. Once the
maintainer merges my pull-req, possibly PGP signing the git commit, I then take
that signature and distribute the same repo, but with the "clean" version
replaced by the malicious version of the file.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

----- End forwarded message -----
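
Added illustration, not part of the forwarded message: a Python sketch of how Git derives object ids, showing the header it prepends when hashing a file and that a commit (and so any signature over it) names file content only through the chain of SHA-1 ids. The identity, file name and file contents are constructed for the example, and the tree serialization handles plain files only.

```python
import hashlib

# Constructed identity and file contents, for illustration only.
IDENT = "Example Maintainer <maintainer@example.org> 1487873649 -0500"
CLEAN = b"\x7fELF constructed clean build\n"
OTHER = b"\x7fELF constructed different build\n"

def git_object_id(obj_type: str, body: bytes) -> str:
    """Object id as Git computes it: SHA-1 over '<type> <size>\\0' + body."""
    header = f"{obj_type} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def tree_body(entries) -> bytes:
    """Serialize (mode, name, hex id) entries; each child is a raw 20-byte id."""
    out = b""
    for mode, name, oid in sorted(entries, key=lambda e: e[1]):
        out += f"{mode} {name}".encode() + b"\x00" + bytes.fromhex(oid)
    return out

def commit_body(tree_oid: str, message: str) -> bytes:
    """Commit text: it names the tree id, never the file bytes themselves."""
    return (f"tree {tree_oid}\nauthor {IDENT}\ncommitter {IDENT}\n\n"
            f"{message}\n").encode()

def signed_chain(file_bytes: bytes, name: str = "firmware.bin"):
    """Return (blob, tree, commit) ids for a one-file repository.

    A signature is made over the commit text, so the file is covered
    only via blob id -> tree id -> commit text, all of them SHA-1.
    """
    blob = git_object_id("blob", file_bytes)
    tree = git_object_id("tree", tree_body([("100644", name, blob)]))
    commit = git_object_id("commit", commit_body(tree, "Add firmware image"))
    return blob, tree, commit

if __name__ == "__main__":
    for label, data in (("clean", CLEAN), ("other", OTHER)):
        blob, tree, commit = signed_chain(data)
        # The raw SHA-1 of the bytes differs from the blob id because of
        # the prepended header.
        print(label, "raw sha1:", hashlib.sha1(data).hexdigest())
        print(label, "blob:", blob)
        print(label, "tree:", tree)
        print(label, "commit:", commit)
```

Two files with different blob ids produce different tree and commit ids, so the signed commit text changes. Two files with the same blob id would leave the tree, the commit and the signature unchanged.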