HEADS UP: FreeBSD src repo transitioning to git this weekend
John-Mark Gurney
jmg at funkthat.com
Mon Jan 4 19:32:46 UTC 2021
RW wrote this message on Fri, Jan 01, 2021 at 16:56 +0000:
> On Thu, 31 Dec 2020 21:25:08 -0500
> grarpamp wrote:
>
> > > Is there any reason to think [bittorrent] insecure?
> >
> > Cost under $50k of compute to break sha-1,
>
> AFAIK you cannot break SHA-1 in the sense of creating data that
> matches a specific hash. What you can do is create a collision between
> two blocks of data, varying both blocks in the process. This makes
> SHA-1 unsuitable for digital signatures.
TL;DR: No, SHA-1 is broken. PERIOD.
SHAttered[1] (2017) created two valid PDF documents which had the same
SHA-1 hash. The issue was that they were able to choose the entire
document.
The paper released in 2019[2] and implemented in 2020 allows for
chosen-prefix attacks[3] which means that SHA-1 is broken.
It allows the creation of a different message prefix, but results in
the same hash. Before this, git was "secure" in that objects were
prepended w/ length and size, but w/ this latest attack, those
can now be changed as well, allowing someone to wholesale replace
a file in git w/ a different length, and the SHA-1 hash being
the same.
> A *third-party* attacker cannot create a bogus torrent using a
> collision attack against SHA-1 because the attacker would need to match
> a specific hash value.
Wrong, see above.
> What may be possible is that the creator of the legitimate torrent
> might create two torrents with the same hash, but this seems very
> contrived and not very useful. It has all sorts of problems as a way of
> delivering targeted malware.
Again, wrong.
[1] https://en.wikipedia.org/wiki/SHA-1#SHAttered_%E2%80%93_first_public_collision
[2] https://en.wikipedia.org/wiki/SHA-1#Birthday-Near-Collision_Attack_%E2%80%93_first_practical_chosen-prefix_attack
[3] https://en.wikipedia.org/wiki/Collision_attack#Chosen-prefix_collision_attack
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the freebsd-current
mailing list