Re: [Bitcoin-development] bitcoin pull requests
And the moment I hit send I realised it's not necessarily true. Conceivably, a collision attack might help you craft two commits (one good, one bad) with the same hash. But I still maintain what I just posted is true: if someone gets malicious code into the repo, it's going to be by social engineering, not by breaking the cyrpto. roy On Mon, Apr 01, 2013 at 11:51:07PM +0100, Roy Badami wrote: > The attack Schneier is talking about is a collision attack (i.e. it > creates two messages with the same hash, but you don't get to choose > either of the messages). It's not a second preimage attack, which is > what you would need to be able to create a message that hashes to the > same value of an existing message. > > (And it neither have anything to do with the birthday paradox, BTW - > which relates to the chance of eventually finding two messages that > hash to the same value by pure change) > > If someone gets malicious code into the repo, it's going to be by > social engineering, not by breaking the cyrpto. > > roy > > On Tue, Apr 02, 2013 at 12:27:51AM +0200, Melvin Carvalho wrote: > > On 2 April 2013 00:10, Will wrote: > > > > > The threat of a SHA1 collision attack to insert a malicious pull request > > > are tiny compared with the other threats - e.g. github being compromised, > > > one of the core developers' passwords being compromised, one of the core > > > developers going rogue, sourceforge (distribution site) being compromised > > > etc etc... believe me there's a lot more to worry about than a SHA1 > > > attack... > > > > > > Not meaning to scare, just to put things in perspective - this is why we > > > all need to peer review each others commits and keep an eye out for > > > suspicious commits, leverage the benefits of this project being open > > > source > > > and easily peer reviewed. > > > > > > > Very good points, and I think you're absolutely right. > > > > But just running the numbers, to get the picture, based of scheiner's > > statistics: > > > > http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html > > > > We're talking about a million terrahashes = 2^60 right? > > > > With the block chain, you only have a 10 minute window, but with source > > code you have a longer time to prepare. > > > > Couldnt this be done with an ASIC in about a week? > > > > > > > > > > > > Will > > > > > > > > > On 1 April 2013 23:52, Melvin Carvalho wrote: > > > > > >> > > >> > > >> > > >> On 1 April 2013 20:28, Petr Praus wrote: > > >> > > >>> An attacker would have to find a collision between two specific pieces > > >>> of code - his malicious code and a useful innoculous code that would be > > >>> accepted as pull request. This is the second, much harder case in the > > >>> birthday problem. When people talk about SHA-1 being broken they > > >>> actually > > >>> mean the first case in the birthday problem - find any two arbitrary > > >>> values > > >>> that hash to the same value. So, no I don't think it's a feasible attack > > >>> vector any time soon. > > >>> > > >>> Besides, with that kind of hashing power, it might be more feasible to > > >>> cause problems in the chain by e.g. constantly splitting it. > > >>> > > >> > > >> OK, maybe im being *way* too paranoid here ... but what if someone had > > >> access to github, could they replace one file with one they had prepared > > >> at > > >> some point? > > >> > > >> > > >>> > > >>> > > >>> On 1 April 2013 03:26, Melvin Carvalho wrote: > > >>> > > I was just looking at: > > > > https://bitcointalk.org/index.php?topic=4571.0 > > > > I'm just curious if there is a possible attack vector here based on the > > fact that git uses the relatively week SHA1 > > > > Could a seemingly innocuous pull request generate another file with a > > backdoor/nonce combination that slips under the radar? > > > > Apologies if this has come up before ... > > > > > > -- > > Own the Future-Intel® Level Up Game Demo Contest 2013 > > Rise to greatness in Intel's independent game demo contest. > > Compete for recognition, cash, and the chance to get your game > > on Steam. $5K grand prize plus 10 genre and skill prizes. > > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > > ___ > > Bitcoin-development mailing list > > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > > > > >>> > > >> > > >> > > >> -- > > >> Own the Future-Intel® Level Up Game Demo Contest 2013 > > >> Rise to greatness in Intel's independent game demo contest. > > >> Compete for recognition, cash, and the chance to get your game > > >> on Steam. $5K grand prize plus 10 genre and sk
Re: [Bitcoin-development] bitcoin pull requests
The attack Schneier is talking about is a collision attack (i.e. it creates two messages with the same hash, but you don't get to choose either of the messages). It's not a second preimage attack, which is what you would need to be able to create a message that hashes to the same value of an existing message. (And it neither have anything to do with the birthday paradox, BTW - which relates to the chance of eventually finding two messages that hash to the same value by pure change) If someone gets malicious code into the repo, it's going to be by social engineering, not by breaking the cyrpto. roy On Tue, Apr 02, 2013 at 12:27:51AM +0200, Melvin Carvalho wrote: > On 2 April 2013 00:10, Will wrote: > > > The threat of a SHA1 collision attack to insert a malicious pull request > > are tiny compared with the other threats - e.g. github being compromised, > > one of the core developers' passwords being compromised, one of the core > > developers going rogue, sourceforge (distribution site) being compromised > > etc etc... believe me there's a lot more to worry about than a SHA1 > > attack... > > > > Not meaning to scare, just to put things in perspective - this is why we > > all need to peer review each others commits and keep an eye out for > > suspicious commits, leverage the benefits of this project being open source > > and easily peer reviewed. > > > > Very good points, and I think you're absolutely right. > > But just running the numbers, to get the picture, based of scheiner's > statistics: > > http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html > > We're talking about a million terrahashes = 2^60 right? > > With the block chain, you only have a 10 minute window, but with source > code you have a longer time to prepare. > > Couldnt this be done with an ASIC in about a week? > > > > > > > Will > > > > > > On 1 April 2013 23:52, Melvin Carvalho wrote: > > > >> > >> > >> > >> On 1 April 2013 20:28, Petr Praus wrote: > >> > >>> An attacker would have to find a collision between two specific pieces > >>> of code - his malicious code and a useful innoculous code that would be > >>> accepted as pull request. This is the second, much harder case in the > >>> birthday problem. When people talk about SHA-1 being broken they actually > >>> mean the first case in the birthday problem - find any two arbitrary > >>> values > >>> that hash to the same value. So, no I don't think it's a feasible attack > >>> vector any time soon. > >>> > >>> Besides, with that kind of hashing power, it might be more feasible to > >>> cause problems in the chain by e.g. constantly splitting it. > >>> > >> > >> OK, maybe im being *way* too paranoid here ... but what if someone had > >> access to github, could they replace one file with one they had prepared at > >> some point? > >> > >> > >>> > >>> > >>> On 1 April 2013 03:26, Melvin Carvalho wrote: > >>> > I was just looking at: > > https://bitcointalk.org/index.php?topic=4571.0 > > I'm just curious if there is a possible attack vector here based on the > fact that git uses the relatively week SHA1 > > Could a seemingly innocuous pull request generate another file with a > backdoor/nonce combination that slips under the radar? > > Apologies if this has come up before ... > > > -- > Own the Future-Intel® Level Up Game Demo Contest 2013 > Rise to greatness in Intel's independent game demo contest. > Compete for recognition, cash, and the chance to get your game > on Steam. $5K grand prize plus 10 genre and skill prizes. > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > ___ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > >>> > >> > >> > >> -- > >> Own the Future-Intel® Level Up Game Demo Contest 2013 > >> Rise to greatness in Intel's independent game demo contest. > >> Compete for recognition, cash, and the chance to get your game > >> on Steam. $5K grand prize plus 10 genre and skill prizes. > >> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > >> ___ > >> Bitcoin-development mailing list > >> Bitcoin-development@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development > >> > >> > > > -- > Own the Future-Intel® Level Up Game Demo Contest 2013 > Rise to greatness in Intel's independent game demo contest. > Compete for recognition, cash, and the chance to get your game > on Steam. $5K grand prize plus 10 genre and skill prizes. > Submit your demo
Re: [Bitcoin-development] bitcoin pull requests
The threat of a SHA1 collision attack to insert a malicious pull request are tiny compared with the other threats - e.g. github being compromised, one of the core developers' passwords being compromised, one of the core developers going rogue, sourceforge (distribution site) being compromised etc etc... believe me there's a lot more to worry about than a SHA1 attack... Not meaning to scare, just to put things in perspective - this is why we all need to peer review each others commits and keep an eye out for suspicious commits, leverage the benefits of this project being open source and easily peer reviewed. Will On 1 April 2013 23:52, Melvin Carvalho wrote: > > > > On 1 April 2013 20:28, Petr Praus wrote: > >> An attacker would have to find a collision between two specific pieces of >> code - his malicious code and a useful innoculous code that would be >> accepted as pull request. This is the second, much harder case in the >> birthday problem. When people talk about SHA-1 being broken they actually >> mean the first case in the birthday problem - find any two arbitrary values >> that hash to the same value. So, no I don't think it's a feasible attack >> vector any time soon. >> >> Besides, with that kind of hashing power, it might be more feasible to >> cause problems in the chain by e.g. constantly splitting it. >> > > OK, maybe im being *way* too paranoid here ... but what if someone had > access to github, could they replace one file with one they had prepared at > some point? > > >> >> >> On 1 April 2013 03:26, Melvin Carvalho wrote: >> >>> I was just looking at: >>> >>> https://bitcointalk.org/index.php?topic=4571.0 >>> >>> I'm just curious if there is a possible attack vector here based on the >>> fact that git uses the relatively week SHA1 >>> >>> Could a seemingly innocuous pull request generate another file with a >>> backdoor/nonce combination that slips under the radar? >>> >>> Apologies if this has come up before ... >>> >>> >>> -- >>> Own the Future-Intel® Level Up Game Demo Contest 2013 >>> Rise to greatness in Intel's independent game demo contest. >>> Compete for recognition, cash, and the chance to get your game >>> on Steam. $5K grand prize plus 10 genre and skill prizes. >>> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d >>> ___ >>> Bitcoin-development mailing list >>> Bitcoin-development@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >>> >>> >> > > > -- > Own the Future-Intel® Level Up Game Demo Contest 2013 > Rise to greatness in Intel's independent game demo contest. > Compete for recognition, cash, and the chance to get your game > on Steam. $5K grand prize plus 10 genre and skill prizes. > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > ___ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > -- Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] bitcoin pull requests
On 2 April 2013 00:10, Will wrote: > The threat of a SHA1 collision attack to insert a malicious pull request > are tiny compared with the other threats - e.g. github being compromised, > one of the core developers' passwords being compromised, one of the core > developers going rogue, sourceforge (distribution site) being compromised > etc etc... believe me there's a lot more to worry about than a SHA1 > attack... > > Not meaning to scare, just to put things in perspective - this is why we > all need to peer review each others commits and keep an eye out for > suspicious commits, leverage the benefits of this project being open source > and easily peer reviewed. > Very good points, and I think you're absolutely right. But just running the numbers, to get the picture, based of scheiner's statistics: http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html We're talking about a million terrahashes = 2^60 right? With the block chain, you only have a 10 minute window, but with source code you have a longer time to prepare. Couldnt this be done with an ASIC in about a week? > > Will > > > On 1 April 2013 23:52, Melvin Carvalho wrote: > >> >> >> >> On 1 April 2013 20:28, Petr Praus wrote: >> >>> An attacker would have to find a collision between two specific pieces >>> of code - his malicious code and a useful innoculous code that would be >>> accepted as pull request. This is the second, much harder case in the >>> birthday problem. When people talk about SHA-1 being broken they actually >>> mean the first case in the birthday problem - find any two arbitrary values >>> that hash to the same value. So, no I don't think it's a feasible attack >>> vector any time soon. >>> >>> Besides, with that kind of hashing power, it might be more feasible to >>> cause problems in the chain by e.g. constantly splitting it. >>> >> >> OK, maybe im being *way* too paranoid here ... but what if someone had >> access to github, could they replace one file with one they had prepared at >> some point? >> >> >>> >>> >>> On 1 April 2013 03:26, Melvin Carvalho wrote: >>> I was just looking at: https://bitcointalk.org/index.php?topic=4571.0 I'm just curious if there is a possible attack vector here based on the fact that git uses the relatively week SHA1 Could a seemingly innocuous pull request generate another file with a backdoor/nonce combination that slips under the radar? Apologies if this has come up before ... -- Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development >>> >> >> >> -- >> Own the Future-Intel® Level Up Game Demo Contest 2013 >> Rise to greatness in Intel's independent game demo contest. >> Compete for recognition, cash, and the chance to get your game >> on Steam. $5K grand prize plus 10 genre and skill prizes. >> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d >> ___ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> > -- Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] bitcoin pull requests
On 1 April 2013 20:28, Petr Praus wrote: > An attacker would have to find a collision between two specific pieces of > code - his malicious code and a useful innoculous code that would be > accepted as pull request. This is the second, much harder case in the > birthday problem. When people talk about SHA-1 being broken they actually > mean the first case in the birthday problem - find any two arbitrary values > that hash to the same value. So, no I don't think it's a feasible attack > vector any time soon. > > Besides, with that kind of hashing power, it might be more feasible to > cause problems in the chain by e.g. constantly splitting it. > OK, maybe im being *way* too paranoid here ... but what if someone had access to github, could they replace one file with one they had prepared at some point? > > > On 1 April 2013 03:26, Melvin Carvalho wrote: > >> I was just looking at: >> >> https://bitcointalk.org/index.php?topic=4571.0 >> >> I'm just curious if there is a possible attack vector here based on the >> fact that git uses the relatively week SHA1 >> >> Could a seemingly innocuous pull request generate another file with a >> backdoor/nonce combination that slips under the radar? >> >> Apologies if this has come up before ... >> >> >> -- >> Own the Future-Intel® Level Up Game Demo Contest 2013 >> Rise to greatness in Intel's independent game demo contest. >> Compete for recognition, cash, and the chance to get your game >> on Steam. $5K grand prize plus 10 genre and skill prizes. >> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d >> ___ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> > -- Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Bitcoin meets the Semantic Web....
On Mon, Apr 1, 2013 at 9:57 PM, Melvin Carvalho wrote: > 1. bitcoin.org -- logical, but no https and github doesnt let you set mime > types This one looks also logical to me. I'm not an semantic web expert, but from what you wrote I suggest to use a subdomain. Would this be possible for a schema? E.g. schema.bitcoin.org and it points to an indepedently run server for the files … H -- Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Bitcoin meets the Semantic Web....
On 1 April 2013 11:35, Harald Schilly wrote: > On Mon, Apr 1, 2013 at 9:59 AM, Melvin Carvalho > wrote: > > The first step that needs to be done is to create a "vocabulary" for > > bitcoin. > > Hi, have you checked out databases like OKFN and searched for existing > vocabularies for payments? I don't think it's a great idea to > re-invent it, if there is already some existing protocol. > > random search gave me that: > > http://schema.org/PaymentMethod > > http://www.heppnetz.de/ontologies/goodrelations/v1#PayPal << adding > something right here for bitcoin!? (diners club and similar also exist > there) > > payment relationships: > http://iig2.com/b2bo/ns.html# > > more search results: > http://lov.okfn.org/dataset/lov/search/#s=payment > Thanks for the pointers. I am aware of most of this work, indeed I speak regularly to many of the authors. I will reuse as much as possible, but some terms will be bitcoin specific. I came across: https://en.bitcoin.it/wiki/Bitcoin_glossary Which is really nice. Question is where to host it. I have 3 ideas so far 1. bitcoin.org -- logical, but no https and github doesnt let you set mime types 2. w3id.org -- new site could be a good permanent location 3. bitcoin.it wiki -- has https but im unsure i can set a mime type, anyone know who maintains this? > > Harald > -- Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] bitcoin pull requests
An attacker would have to find a collision between two specific pieces of code - his malicious code and a useful innoculous code that would be accepted as pull request. This is the second, much harder case in the birthday problem. When people talk about SHA-1 being broken they actually mean the first case in the birthday problem - find any two arbitrary values that hash to the same value. So, no I don't think it's a feasible attack vector any time soon. Besides, with that kind of hashing power, it might be more feasible to cause problems in the chain by e.g. constantly splitting it. On 1 April 2013 03:26, Melvin Carvalho wrote: > I was just looking at: > > https://bitcointalk.org/index.php?topic=4571.0 > > I'm just curious if there is a possible attack vector here based on the > fact that git uses the relatively week SHA1 > > Could a seemingly innocuous pull request generate another file with a > backdoor/nonce combination that slips under the radar? > > Apologies if this has come up before ... > > > -- > Own the Future-Intel® Level Up Game Demo Contest 2013 > Rise to greatness in Intel's independent game demo contest. > Compete for recognition, cash, and the chance to get your game > on Steam. $5K grand prize plus 10 genre and skill prizes. > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > ___ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > -- Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Bitcoin meets the Semantic Web....
On Mon, Apr 1, 2013 at 9:59 AM, Melvin Carvalho wrote: > The first step that needs to be done is to create a "vocabulary" for > bitcoin. Hi, have you checked out databases like OKFN and searched for existing vocabularies for payments? I don't think it's a great idea to re-invent it, if there is already some existing protocol. random search gave me that: http://schema.org/PaymentMethod http://www.heppnetz.de/ontologies/goodrelations/v1#PayPal << adding something right here for bitcoin!? (diners club and similar also exist there) payment relationships: http://iig2.com/b2bo/ns.html# more search results: http://lov.okfn.org/dataset/lov/search/#s=payment Harald -- Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
[Bitcoin-development] bitcoin pull requests
I was just looking at: https://bitcointalk.org/index.php?topic=4571.0 I'm just curious if there is a possible attack vector here based on the fact that git uses the relatively week SHA1 Could a seemingly innocuous pull request generate another file with a backdoor/nonce combination that slips under the radar? Apologies if this has come up before ... -- Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
[Bitcoin-development] Bitcoin meets the Semantic Web....
I'm working on porting crypto currencies to the semantic web. The advantages of this is that pages can then become machine readable on the web allowing new types of innovation and spreading bitcoin information to a wider audience. The first step that needs to be done is to create a "vocabulary" for bitcoin. What this means is like a dictionary of terms that can be put down in a machine readable standard (called RDF). I was wondering if anyone has worked on this before or if there is a human readable "glossary" for bitcoin that I could take text from? seeAlso: https://bitcointalk.org/index.php?topic=163705.0 -- Own the Future-Intel® Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development