47 lines
2.1 KiB
Markdown
47 lines
2.1 KiB
Markdown
Some git-annex backends allow embedding enough data in the names of keys
|
|
that it could be used for a SHA1 collision attack. So, a signed git commit
|
|
could point to a tree with such a key in it, and the blob for the key could
|
|
have two versions with the same SHA1.
|
|
|
|
Users who want to use git-annex with signed commits to mitigate git's own
|
|
SHA1 insecurities would like at least a way to disable the insecure
|
|
git-annex backends:
|
|
|
|
* WORM can contain fairly arbitrary data in a key name
|
|
* URL too (also, of course, URLs download arbitrary data from the web,
|
|
so a signed git commit pointing at URL keys doesn't have any security
|
|
even w/o SHA1 collisions)
|
|
* SHA1 and MD5 backends are insecure because there can be colliding
|
|
versions of the data they point to.
|
|
|
|
A config setting to prevent git-annex from using insecure backends would be
|
|
useful.
|
|
|
|
(git-annex might suggest enabling that configuration if commit.gpgSign
|
|
is enabled)
|
|
|
|
A few other potential problems:
|
|
|
|
* `*E` backends could embed sha1 collision data in a long filename
|
|
extension in a key.
|
|
|
|
Impact is limited, because even if an attacker does this, the key also
|
|
contains the checksum (eg SHA2) of the annexed data. The current SHA1
|
|
attack is only a prefix attack; it does not allow creating two colliding
|
|
keys that contain two different SHA2 checksums. That would need a
|
|
preimage attack to be feasible.
|
|
|
|
It might be worth limiting the length
|
|
of an extension allowed in such a key to the longest such extension
|
|
git-annex has ever supported (probably < 20 bytes or so), which would
|
|
be less than the size of the data needed for current SHA1 collision
|
|
attacks. Presumably aa preimage attack would need a similar amount of
|
|
data.
|
|
|
|
* It might be possible to embed colliding data in a specially constructed
|
|
key name with an extra field in it, eg "SHA256-cXXXXXXXXXXXXXXX-...".
|
|
Need to review the code and see if such extra fields are allowed.
|
|
|
|
Update: All fields are numeric, but could contain arbitrary data
|
|
after the number. This has been fixed; git-annex refuses to parse
|
|
such fields, so it won't work with files that try to exploit this.
|