mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

comment

Browse source
This commit is contained in:
Joey Hess 2023-11-30 16:49:48 -04:00
parent 093110d997
commit 3e8618fed3
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
1 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
doc/todo/alternate_keys_for_same_content/comment_8_4b16c48a2d9f4926d63f6ab54fe801d3._comment Normal file
View file

@ -0,0 +1,19 @@
[[!comment format=mdwn
username="joey"
subject="""comment 8"""
date="2023-11-30T20:43:53Z"
content="""
I think Ilya Shlyakhter gets to a fundamental problem in his comment above.
Any way that git-annex stores data about an alternate key that is recorded
in git, allows anyone to spoof bad data.
For example, if I have a SHA256 key stored in git-annex, it would be a bad
security hole if I fetched from Ilya's repository and suddenly git-annex
was willing to accept some MD5 key as being the same content as my SHA256
key. Even if the two keys had the same content currently, that MD5 key can
be collision attacked later.
So there would need to be a direction in which key upgrades were allowed.
Which is fine for `WORM -> SHA256`, but less clear for `SHA1 -> SHA256`
and much less clear for other pairs of modern hashes.
"""]]