branch master updated: website: commit-authentication: Add section on SH

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

branch master updated: website: commit-authentication: Add section on SH

From:	Ludovic Court�s
Subject:	branch master updated: website: commit-authentication: Add section on SHA-1.
Date:	Tue, 30 Jun 2020 11:13:25 -0400

This is an automated email from the git hooks/post-receive script.

civodul pushed a commit to branch master
in repository guix-artwork.

The following commit(s) were added to refs/heads/master by this push:
     new e05a0e7  website: commit-authentication: Add section on SHA-1.
e05a0e7 is described below

commit e05a0e7559ed20966db9885f7f85fb7b6aa916db
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Tue Jun 30 17:07:44 2020 +0200

    website: commit-authentication: Add section on SHA-1.
    
    * website/drafts/commit-authentication.md (SHA-1): New section.
---
 website/drafts/commit-authentication.md | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/website/drafts/commit-authentication.md 
b/website/drafts/commit-authentication.md
index 1abac17..3f3a681 100644
--- a/website/drafts/commit-authentication.md
+++ b/website/drafts/commit-authentication.md
@@ -339,7 +339,37 @@ documented in the
 manual](https://guix.gnu.org/manual/devel/en/html_node/Channels.html),
 and we’d love to get your feedback!
 
-# SHA1
+# SHA-1
+
+We can’t really discuss Git commit signing without mentioning
+[SHA-1](https://en.wikipedia.org/wiki/SHA-1).  The venerable
+crytographic hash function is approaching end of life, as evidenced by
+[recent](https://shattered.io/)
+[breakthroughs](https://sha-mbles.github.io/).  Signing a Git commit
+essentially boils down to signing a SHA-1 hash, because all objects in
+the Git store are identified by their SHA-1 hash.
+
+Git is now relies on a [collision attack detection
+library](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-stevens.pdf),
+that appears to mitigate practical attacks.  Furthermore, the Git
+project is planning a [hash function
+transition](https://git-scm.com/docs/hash-function-transition/) to
+address the problem.
+
+Some projects such as Bitcoin Core choose to not rely on SHA-1 at all.
+Instead, for the commits they sign, they include in the commit log the
+SHA512 hash of the tree, which the [verification scripts
+check](https://github.com/bitcoin/bitcoin/tree/master/contrib/verify-commits).
+
+Computing a tree hash _for each commit_ in Guix would probably be
+prohibitively costly.  For now, for lack of a better solution, we rely
+on Git’s collision attack detection and look forward to a hash function
+transition.
+
+As for SHA-1 in an OpenPGP context: our authentication code [rejects
+SHA-1 OpenPGP signatures](https://issues.guix.gnu.org/41787), as
+recommended.
+
 # Related work
 # Future work

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated: website: commit-authentication: Add section on SHA-1., Ludovic Court�s <=

Prev by Date: branch master updated: gnu: cuirass: Update to 0.0.1-37.882393d.
Next by Date: branch master updated: gnu: Add taisei.
Previous by thread: branch master updated: gnu: cuirass: Update to 0.0.1-37.882393d.
Next by thread: branch master updated: gnu: Add taisei.
Index(es):
- Date
- Thread