Subversion and SHA-1fanfFebruary 25 2017, 15:16:31 UTC
Practically every Git user knows it fundamentally relies on SHA-1, but we also know it will take another 6000 CPU-years to break git. But fewer people knew that Subversion also relies on SHA-1 for deduplication, and because (unlike git) it does not prefix files before hashing them, Subversion is trivially vulnerable to denial of service by the published SHA-1 collision.
I have been unreasonably (and unkindly) amused by this over the last couple of days.
Re: Subversion and SHA-1fanfFebruary 25 2017, 15:33:14 UTC
The svn hook script relies on spotting the only known SHA-1 collision, so it is no good for protecting against hypothetical future collisions which might break git.
AIUI the software Google used to generate the collision can also analyse the inner state of SHA-1 to detect when it is being tickled in a dangerous way; maybe that can be adapted as a safety belt, if its false positive rate is low enough. Dunno.
But the long term fix (for both git and svn) is proper hash agility, but this is much harder for git than svn.
Comments 5
I have been unreasonably (and unkindly) amused by this over the last couple of days.
I posted some details and links on hacker news at https://news.ycombinator.com/item?id=13726121
Reply
I wonder if similar things will work for Git.
Reply
AIUI the software Google used to generate the collision can also analyse the inner state of SHA-1 to detect when it is being tickled in a dangerous way; maybe that can be adapted as a safety belt, if its false positive rate is low enough. Dunno.
But the long term fix (for both git and svn) is proper hash agility, but this is much harder for git than svn.
Reply
Oh well, onwards to a better hashing system it is!
Reply
Reply
Leave a comment