On Feb 27, 2017, at 6:28 PM, Tony Papadimitriou <[email protected]> wrote: > > On Feb 26, 2017, at 6:34 PM, Tony Papadimitriou <[email protected]> wrote: > >>> how is it possible for someone to inject a 'bad' file with the same SHA1 as >>> a 'good' file already in the repo? >> Your attacker could be MITM’d into the sync stream. I gave an example >> requiring only the current SHA-1 collision technology in my first reply in >> the other thread: > > So now HTTPS is also broken?
Did you not visit the middlebox and antimalware links I provided? Yes, TLS is indeed broken at many sites. Not theoretically broken. I mean desperately, entirely, in-practice broken. On top of that, Fossil doesn’t ship with HTTPS built in, and it’s difficult to add after the fact, so many Fossil users aren’t going to be using TLS. (That’s not a criticism of Fossil, just a fact about it. I don’t *want* a TLS stack built into Fossil; if it were present, I’d bypass it. That’s one of those things best left to the specialists.) >>> The only ways I can imagine >> That’s because you aren’t a highly motivated, highly resourced, highly >> trained black hat. But such people do exist. > > I was implying 'practical' ways, not theoretical. Past is prologue: http://valerieaurora.org/hash.html > So, do you actually know of some other practical ways I’m not a security researcher, just a practitioner who keeps an eye on this sort of thing. I find that the professionals are scarier than I am. > Can you prove your point by providing such a collision while we're still > alive? This link was also provided up-thread: https://goo.gl/d7FTbI Did you not at least read the abstract, or is high-level mathematics not convincing to you? >>> One would still need to match both SHA1 and MD5 to inject -- not easy! > >> Argument from incredulity.[5] > Ditto! (Or prove how easy it is!) I’m giving you mathematics, and you’re giving me maybes. I think I win. >>> may introduce (an avalanche[?] of) bugs, and possibly even risk the >>> integrity of our current repos until fully bug-free. >> Have avalanches of bugs been a notable hallmark of Fossil and SQLite, in >> your experience? > Past success rates do not guarantee future ones (slightly modified from a > bank fine print warning). Current imperviousness does not guarantee future imperviousness. _______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
