On Thu, Oct 29, 2015 at 3:59 PM, Warren Young <[email protected]> wrote:
> On Oct 29, 2015, at 3:20 PM, Richard Hipp <[email protected]> wrote: > > > > Each check-in manifest also has a hash over all content of all files > > in the R card. It's an MD5 hash, but that still means the attacker > > would have to find replacement source code that (a) matched both SHA1 > > and MD5 hashes and (b) was valid C code. Good luck with that. > > MD5 collisions can be found in about a second on modern hardware: > > https://tools.ietf.org/html/rfc6151 > > With that work to build on, the only remaining tricky bit is working out a > perturbation algorithm for C source code that doesn’t introduce so much > noise that the code will be flagged as obviously-bad. I mean, you could > just put random UTF-8 text into a C comment to force the collision, but > that will jump out to even one casually scanning the code. > Well, the MD5 collision might be easy to find, but the intersection of "SHA1(useful evil C source code file) == SHA1(pure C source code file)" and "MD5(useful evil full commit) == MD5(pure full commit)" and "useful evil C source code file on the tip of some branch or other location that is likely to be used and not buried deep in the historical recesses of the repository" and ("capable of taking over a computer to inject evil artifact" or "capable of orchestrating man in the middle attack" or "capable of social engineering to convince people to use evil artifact" or "something else I can't think of at the moment") seems to be a pretty tiny intersection. -- Scott Robison
_______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
