On 2/27/17, Warren Young <war...@etr-usa.com> wrote:
> On Feb 26, 2017, at 2:58 PM, Stephan Beal <sgb...@googlemail.com> wrote:
>>
>> just FYI, Linus' own words on the topic, posted yesterday:
>>
>> https://plus.google.com/u/0/+LinusTorvalds/posts/7tp2gYWQugL
>
> Point #1 misses the fact that people *do* rely on Git hashes for security.
> Maybe they’re not “supposed” to, but they do.
>
> For example, the CentOS sources are published through Git these days, rather
> than as a pile of potentially-signed SRPM files.  This means the only
> assurance you have that the content checked into Git hasn’t been tampered
> with is that the hashes are consistent.

This is a long-standing peeve of mine, which is: a repository is not a
release. If this is how CentOS does distribution, I'd argue they have
more of a systemic problem than a technical one.

-bch

>
> (I randomly inspected one of their repos, and it doesn’t use GPG signed
> commits, so the hashes are all you’ve got.)
>
> This is adequate security today, but once bad actors can do these SHA1
> attacks inexpensively, it’ll be a problem if git.centos.org is still relying
> on SHA1 hashes.
>
>
> Point #2 is also questionable.  Torvalds is assuming that any collision
> attack on a Git checkin will be detectable because of the random noise you
> have to insert into both instances to make them match.
>
> Except that you don’t have to do it with random noise.
>
> Thought experiment time: Given that it is now mature technology to be able
> to react to a useful subset of the spoken English language either over a
> crappy cell phone connection or via shouting at a microphone in a canister
> in the next room, complete with query chaining (e.g. Google Now, Amazon
> Echo, etc.) how much more difficult is it to write an “AI” that can
> automatically generate sane-looking but harmless C code in the middle of a
> pile of other C code to fuzz its data bits?
>
> I have no training in AI type stuff, but I think I could do a pretty decent
> job just by feeding a large subset of GitHub into a Markov chain model.  Now
> imagine what someone with training, motivation, and resources could do.
>
> Or, don't imagine.  Just go read the Microsoft Research paper on DeepCoder:
>
>    https://news.ycombinator.com/item?id=13720580
>
> I suspect there are parts of the Linux kernel sources that are
> indistinguishable from the output of a Markov chain model. :)  *Someone*
> allowed those patches to be checked in.
>
>
> As for his point #3, he just offers it without support.  He says there’s a
> plan.  Well, we have a plan, too.  Plans are easy.  Execution is the hard
> part.
> _______________________________________________
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
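The thread's practical point is that a repository whose commits are unsigned offers no assurance beyond hash consistency, and Warren notes he found no GPG-signed commits in the CentOS repo he inspected. The script below is an added example (not code from the thread, nor from CentOS or Fossil) of the check a defender would run before trusting such a tree: it asks `git log` for each commit's signature status using git's own `%G?` placeholder and reports every commit that is not verified against a trusted key. The sample log output embedded in the block is constructed so the parsing logic runs without git; pointing the script at a real checkout assumes `git` is on PATH and that the signing keys are in the local GPG keyring.

```python
"""Audit a git history for commits lacking a trusted signature.

Added example, not code from the mailing-list thread. When given a repository
path it shells out to `git log --format="%H %G? %s"`; the parser is kept
separate so it can be exercised on the constructed SAMPLE_LOG below without
git installed.
"""
import subprocess
import sys
from typing import Dict, List, Tuple

# Meaning of the %G? codes as documented under "pretty formats" in `git help log`.
SIGNATURE_STATUS: Dict[str, str] = {
    "G": "good signature",
    "B": "bad signature",
    "U": "good signature, untrusted key",
    "X": "good signature, expired",
    "Y": "good signature, expired key",
    "R": "good signature, revoked key",
    "E": "signature cannot be checked (e.g. key missing)",
    "N": "no signature",
}

# Only "G" means signed *and* verified against a key the local keyring trusts.
TRUSTED = {"G"}

Record = Tuple[str, str, str]  # (commit hash, status code, subject line)


def parse_log(output: str) -> List[Record]:
    """Parse '<hash> <status> <subject>' lines; blank lines are skipped.

    A line that somehow lacks a status code is treated as unsigned ('N'),
    so a malformed line can never be mistaken for a verified commit.
    """
    records: List[Record] = []
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(" ", 2)
        commit = parts[0]
        status = parts[1] if len(parts) > 1 else "N"
        subject = parts[2] if len(parts) > 2 else ""
        records.append((commit, status, subject))
    return records


def untrusted_commits(records: List[Record]) -> List[Record]:
    """Every commit whose signature status is anything other than 'G'."""
    return [r for r in records if r[1] not in TRUSTED]


def summarize(records: List[Record]) -> Dict[str, int]:
    """Count commits per status code, e.g. {'G': 1, 'N': 3}."""
    counts: Dict[str, int] = {}
    for _, status, _ in records:
        counts[status] = counts.get(status, 0) + 1
    return counts


def git_log_signatures(repo: str, rev_range: str = "HEAD") -> str:
    """Run git (assumed on PATH) and return raw '<hash> <status> <subject>' lines."""
    result = subprocess.run(
        ["git", "-C", repo, "log", "--format=%H %G? %s", rev_range],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


# Constructed sample, in the exact shape `git log --format="%H %G? %s"` emits.
SAMPLE_LOG = """\
1111111111111111111111111111111111111111 G Import package sources
2222222222222222222222222222222222222222 N Fix typo in spec file
3333333333333333333333333333333333333333 U Backport upstream fix
4444444444444444444444444444444444444444 E Update changelog
"""

if __name__ == "__main__":
    text = git_log_signatures(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    recs = parse_log(text)
    for commit, status, subject in untrusted_commits(recs):
        meaning = SIGNATURE_STATUS.get(status, "unknown status")
        print(f"{commit[:12]} {status} ({meaning}): {subject}")
    print("summary:", summarize(recs))
```

Run as `python audit_signatures.py /path/to/repo` to walk the real history, or with no argument to see the constructed sample, where only the first commit counts as trusted: "U" and "E" are reported alongside "N" because a signature from an untrusted or missing key gives the verifier no more than an unsigned commit does. A clean result from this check says the history was signed by keys you trust; it says nothing about the hash function, which is the separate problem the thread is arguing about.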
