devblog
This commit is contained in:
parent
6b52fcbb7e
commit
622b3fface
2 changed files with 25 additions and 1 deletions
|
@ -5,6 +5,8 @@ to retrieve the file's content (its value).
|
||||||
Multiple pluggable key-value backends are supported, and a single repository
|
Multiple pluggable key-value backends are supported, and a single repository
|
||||||
can use different ones for different files.
|
can use different ones for different files.
|
||||||
|
|
||||||
|
These are the recommended backends to use.
|
||||||
|
|
||||||
* `SHA256E` -- The default backend for new files, combines a 256 bit SHA-2
|
* `SHA256E` -- The default backend for new files, combines a 256 bit SHA-2
|
||||||
hash of the file's content with the file's extension. This allows
|
hash of the file's content with the file's extension. This allows
|
||||||
verifying that the file content is right, and can avoid duplicates of
|
verifying that the file content is right, and can avoid duplicates of
|
||||||
|
@ -20,6 +22,10 @@ can use different ones for different files.
|
||||||
* `SKEIN512`, `SKEIN512E`, `SKEIN256`, `SKEIN256E`
|
* `SKEIN512`, `SKEIN512E`, `SKEIN256`, `SKEIN256E`
|
||||||
-- [Skein hash](http://en.wikipedia.org/wiki/Skein_hash),
|
-- [Skein hash](http://en.wikipedia.org/wiki/Skein_hash),
|
||||||
a well-regarded SHA3 hash competition finalist.
|
a well-regarded SHA3 hash competition finalist.
|
||||||
|
|
||||||
|
The backends below do not guarantee cryptographically that the
|
||||||
|
content of an annexed file remains unchanged.
|
||||||
|
|
||||||
* `SHA1`, `SHA1E`, `MD5`, `MD5E` -- Smaller hashes than `SHA256`
|
* `SHA1`, `SHA1E`, `MD5`, `MD5E` -- Smaller hashes than `SHA256`
|
||||||
for those who want a checksum but are not concerned about security.
|
for those who want a checksum but are not concerned about security.
|
||||||
* `WORM` ("Write Once, Read Many") -- This assumes that any file with
|
* `WORM` ("Write Once, Read Many") -- This assumes that any file with
|
||||||
|
@ -30,6 +36,11 @@ can use different ones for different files.
|
||||||
It's generated when using eg, `git annex addurl --fast`, when the file
|
It's generated when using eg, `git annex addurl --fast`, when the file
|
||||||
content is not available for hashing.
|
content is not available for hashing.
|
||||||
|
|
||||||
|
If you want to be able to prove that you're working with the same file
|
||||||
|
contents that were checked into a repository earlier, you should avoid
|
||||||
|
using the non-cryptographically-secure backends, and will need to use
|
||||||
|
signed git commits. See [[tips/using_signed_git_commits]] for details.
|
||||||
|
|
||||||
Note that the various 512 and 384 length hashes result in long paths,
|
Note that the various 512 and 384 length hashes result in long paths,
|
||||||
which are known to not work on Windows. If interoperability on Windows is a
|
which are known to not work on Windows. If interoperability on Windows is a
|
||||||
concern, avoid those.
|
concern, avoid those.
|
||||||
|
|
13
doc/devblog/day_450__hardening_against_SHA_attacks.mdwn
Normal file
13
doc/devblog/day_450__hardening_against_SHA_attacks.mdwn
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
Yesterday I said that a git-annex repository using signed commits and SHA2
|
||||||
|
backend would be secure from SHA1 collision attacks. Then I noticed that
|
||||||
|
there were two ways to embed the necessary collision generation data inside
|
||||||
|
git-annex key names. I've fixed both of them today, and cannot find any
|
||||||
|
other ways to embed collision generation data in between a signed commit
|
||||||
|
and the annexed files.
|
||||||
|
|
||||||
|
I also have a design for a way to configure git-annex to expect to see only
|
||||||
|
keys using secure hash backends, which will make it easier to work with
|
||||||
|
repositories that want to use signed commits and SHA2. Planning to implement
|
||||||
|
that tomorrow.
|
||||||
|
|
||||||
|
[[todo/sha1_collision_embedding_in_git-annex_keys]] has the details.
|
Loading…
Reference in a new issue