update

2017-02-24 01:21:54 -04:00 · 2017-02-24 01:21:54 -04:00 · 44b9ac41a4
commit 44b9ac41a4
parent 102e04b30c
1 changed files with 13 additions and 2 deletions
--- a/doc/todo/sha1_collision_embedding_in_git-annex_keys.mdwn
+++ b/doc/todo/sha1_collision_embedding_in_git-annex_keys.mdwn
@ -23,10 +23,21 @@ is enabled)
 A few other potential problems:

 * `*E` backends could embed sha1 collision data in a long filename
-  extension. It might be worth limiting the length
+  extension in a key.
+
+  Impact is limited, because even if an attacker does this, the key also
+  contains the checksum (eg SHA2) of the annexed data. The current SHA1
+  attack is only a prefix attack; it does not allow creating two colliding
+  keys that contain two different SHA2 checksums. That would need a
+  preimage attack to be feasible. 
+  
+  It might be worth limiting the length
  of an extension allowed in such a key to the longest such extension
  git-annex has ever supported (probably < 20 bytes or so), which would
-  be less than the size of the data needed for current SHA1 collision attacks.
+  be less than the size of the data needed for current SHA1 collision
+  attacks. Presumably aa preimage attack would need a similar amount of
+  data.
+
 * It might be possible to embed colliding data in a specially constructed
  key name with an extra field in it, eg "SHA256-cXXXXXXXXXXXXXXX-...".
  Need to review the code and see if such extra fields are allowed.