[Whonix-devel] How safe are signed git tags? Only as safe as SHA-1 or somehow safer?

Jeff King peff at peff.net
Sat Nov 22 20:48:42 CET 2014


On Fri, Nov 21, 2014 at 06:32:46PM -0500, Jason Pyeron wrote:

> The whole issue is a lot better than this makes it sound. Yes it is
> just a SHA1 hash, but it is a hash of a structured data format.
> 
> You have very observable parts of that well structured data provided to the hash.

Yeah, I glossed over that because I don't know enough about the specific
attacks.  In the worst case, you have a binary file format that lets
people stick arbitrary bits of data in the middle (like the MD5 attacks
on Postscript and PDF files), and you do the collision on the blobs.

But even with that, the sha1s are taken over "blob <n>\0<content>" where
<n> is the number of bytes of <content>. Depending on the exact scheme
for generating probable collisions in less than brute force time, even
that amount of structure may prove problematic. I don't know whether
that is the case for the best-known attacks or not (remember that nobody
has _actually_ generated a sha-1 collision at all yet).

-Peff
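
The object hashing described above, as an added example that is not part of the original message: Python that computes git object ids over "<type> <n>\0<content>" and, going one step beyond the blob case, follows a one-file repository from blob to tree to commit to the text a tag signature covers. The file name, identity, timestamps and messages are constructed, and the tree helper handles regular files only.

```python
import hashlib

def object_id(kind: bytes, body: bytes) -> str:
    # Git hashes b"<kind> <decimal length>\0" + body, never the bare content.
    header = kind + b" " + str(len(body)).encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()

def tree_body(entries):
    # entries: (mode, name, hex id) for regular files; sorted by name as git does.
    return b"".join(mode + b" " + name + b"\0" + bytes.fromhex(oid)
                    for mode, name, oid in sorted(entries, key=lambda e: e[1]))

# Constructed identity line (name, address and timestamp are sample values).
IDENT = b"Example Dev <dev@example.invalid> 1416685722 +0100"

def signed_chain(content: bytes) -> dict:
    """Build blob -> tree -> commit -> tag payload for one constructed file."""
    blob = object_id(b"blob", content)
    tree = object_id(b"tree", tree_body([(b"100644", b"README", blob)]))
    commit_body = (b"tree " + tree.encode() + b"\nauthor " + IDENT +
                   b"\ncommitter " + IDENT + b"\n\ninitial import\n")
    commit = object_id(b"commit", commit_body)
    # Text a tag signature is computed over: it names the commit only by id,
    # so the file content is covered solely through the chain of SHA-1 ids.
    tag_payload = (b"object " + commit.encode() + b"\ntype commit\ntag v1.0\n"
                   b"tagger " + IDENT + b"\n\nrelease v1.0\n")
    return {"blob": blob, "tree": tree, "commit": commit,
            "tag_payload": tag_payload}

if __name__ == "__main__":
    original = signed_chain(b"hello world\n")
    changed = signed_chain(b"hello w0rld\n")  # one byte differs
    for key in ("blob", "tree", "commit"):
        print(f"{key:6} {original[key]}  vs  {changed[key]}")
    print(original["tag_payload"].decode(), end="")
```

The blob id printed for "hello world\n" is the same value `git hash-object` reports for that content.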

