[bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers

[Eugen Leitl]

----- Forwarded message from Peter Todd via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> -----

Date: Thu, 23 Feb 2017 13:14:09 -0500
From: Peter Todd via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>
To: cryptography at metzdowd.com, bitcoin-dev at lists.linuxfoundation.org
Subject: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers
Message-ID: <20170223181409.GA6085 at savin.petertodd.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Reply-To: Peter Todd <pete at petertodd.org>, Bitcoin Protocol Discussion <bitcoin-dev at lists.linuxfoundation.org>

Worth noting: the impact of the SHA1 collison attack on Git is *not* limited
only to maintainers making maliciously colliding Git commits, but also
third-party's submitting pull-reqs containing commits, trees, and especially
files for which collisions have been found. This is likely to be exploitable in
practice with binary files, as reviewers aren't going to necessarily notice
garbage at the end of a file needed for the attack; if the attack can be
extended to constricted character sets like unicode or ASCII, we're in trouble
in general.

Concretely, I could prepare a pair of files with the same SHA1 hash, taking
into account the header that Git prepends when hashing files. I'd then submit
that pull-req to a project with the "clean" version of that file. Once the
maintainer merges my pull-req, possibly PGP signing the git commit, I then take
that signature and distribute the same repo, but with the "clean" version
replaced by the malicious version of the file.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org



_______________________________________________
bitcoin-dev mailing list
bitcoin-dev at lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev


----- End forwarded message -----