

How Git could be attacked if SHA-1 gets broken - mbrubeck
http://kitenet.net/~joey/blog/entry/sha-1/

======
ComputerGuru
If SHA1 goes down, I think the world has bigger problems to worry about than
Git....

------
pieter
this scenario is still very unlikely, because the birthday attack method will
just produce two randomly garbled files with the same hash.

No-one will accept a patch that introduces some garbled stuff into their
repository, as it's just nonsense.

Even if you are able to upload it as a 'firmware patch' which goes by
unchecked by everyone else, you still won't be able to produce any form of
firmware that'll actually do something you want it to do -- let alone two
versions that can run on the same hardware, where one is exploitless and the
other has an exploit.

For that kind of stuff you'll have to wait a long time. It's still not even
possible with MD5 (though partial data can be preserved with some of the
attacks).

~~~
amalcon
Well, we're talking about programs here. Once you've managed to get an
arbitrary, suspicious-but-harmless patch accepted (which, admittedly, is quite
the hurdle), you can switch one garbled section for another. Then, you can
check which version of the garbled section is in place using your actual code,
and branch based on that. There are of course obfuscated variants of this.

This is similar to that exploit on MD5 signatures of PDFs: trick someone into
blessing something with harmless effects, and then change part of it so that
the effects become harmful. It's not the most dangerous thing in the world, as
we have human gatekeepers to ward against this sort of attack, but it may be
something to watch out for.

~~~
SwellJoe
It seems far more likely that the human gatekeepers will be more fallible than
SHA1 in this context. How many people _really_ understand the deeper
intricacies of C, for example? Submit a patch to a Ruby or Python project to
"speed up parsing" that includes a hunk of C. If it actually does speed up
parsing, it's possible that the patch would be accepted. Maybe there's also a
backdoor in the code. It could take months or years to be discovered, if the
project isn't heavily populated by paranoid C programmers and isn't being
scrutinized by a lot of people (this is why I generally like really popular
Open Source software over niche projects...the level of scrutiny by security
experts is much higher).

