Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gnomon.org.uk
	designates 93.93.131.22 as permitted sender)
	client-ip=93.93.131.22; envelope-from=roy@gnomon.org.uk;
	helo=darla.gnomon.org.uk; 
Date: Mon, 1 Apr 2013 23:54:17 +0100
From: Roy Badami <roy@gnomon.org.uk>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Message-ID: <20130401225417.GV65880@giles.gnomon.org.uk>
References: <CAKaEYhK5ZzP8scbhyzkEU+WdWjwMBDzkgF+SrC-Mdjgo9G9RnA@mail.gmail.com>
	<CACezXZ94oDX1O7y7cgh+HvDj4QiDWmy1NVQ4Ahq=gmzhgmUaHQ@mail.gmail.com>
	<CAKaEYhK4v3mhkGMKDW9g7km+5artBAjpukQdwx17psgdJaqvgA@mail.gmail.com>
	<CAHQs=o4pKBoVO-14dqoq9EoNxq2BNnKE+zmOjLBw+XqJfAp8yA@mail.gmail.com>
	<CAKaEYh+bePsmzM5XU1wpb_SFrTnbKB8LxMvWLLqP4p8KuesuSA@mail.gmail.com>
	<20130401225107.GU65880@giles.gnomon.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20130401225107.GU65880@giles.gnomon.org.uk>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] bitcoin pull requests
Precedence: list

And the moment I hit send I realised it's not necessarily true.
Conceivably, a collision attack might help you craft two commits (one
good, one bad) with the same hash.

But I still maintain what I just posted is true: if someone gets
malicious code into the repo, it's going to be by social engineering,
not by breaking the cyrpto.

roy


On Mon, Apr 01, 2013 at 11:51:07PM +0100, Roy Badami wrote:
> The attack Schneier is talking about is a collision attack (i.e. it
> creates two messages with the same hash, but you don't get to choose
> either of the messages).  It's not a second preimage attack, which is
> what you would need to be able to create a message that hashes to the
> same value of an existing message.
> 
> (And it neither have anything to do with the birthday paradox, BTW -
> which relates to the chance of eventually finding two messages that
> hash to the same value by pure change)
> 
> If someone gets malicious code into the repo, it's going to be by
> social engineering, not by breaking the cyrpto.
> 
> roy
> 
> On Tue, Apr 02, 2013 at 12:27:51AM +0200, Melvin Carvalho wrote:
> > On 2 April 2013 00:10, Will <will@phase.net> wrote:
> > 
> > > The threat of a SHA1 collision attack to insert a malicious pull request
> > > are tiny compared with the other threats - e.g. github being compromised,
> > > one of the core developers' passwords being compromised, one of the core
> > > developers going rogue, sourceforge (distribution site) being compromised
> > > etc etc... believe me there's a lot more to worry about than a SHA1
> > > attack...
> > >
> > > Not meaning to scare, just to put things in perspective - this is why we
> > > all need to peer review each others commits and keep an eye out for
> > > suspicious commits, leverage the benefits of this project being open source
> > > and easily peer reviewed.
> > >
> > 
> > Very good points, and I think you're absolutely right.
> > 
> > But just running the numbers, to get the picture, based of scheiner's
> > statistics:
> > 
> > http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
> > 
> > We're talking about a million terrahashes = 2^60 right?
> > 
> > With the block chain, you only have a 10 minute window, but with source
> > code you have a longer time to prepare.
> > 
> > Couldnt this be done with an ASIC in about a week?
> > 
> > 
> > 
> > >
> > > Will
> > >
> > >
> > > On 1 April 2013 23:52, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
> > >
> > >>
> > >>
> > >>
> > >> On 1 April 2013 20:28, Petr Praus <petr@praus.net> wrote:
> > >>
> > >>> An attacker would have to find a collision between two specific pieces
> > >>> of code - his malicious code and a useful innoculous code that would be
> > >>> accepted as pull request. This is the second, much harder case in the
> > >>> birthday problem. When people talk about SHA-1 being broken they actually
> > >>> mean the first case in the birthday problem - find any two arbitrary values
> > >>> that hash to the same value. So, no I don't think it's a feasible attack
> > >>> vector any time soon.
> > >>>
> > >>> Besides, with that kind of hashing power, it might be more feasible to
> > >>> cause problems in the chain by e.g. constantly splitting it.
> > >>>
> > >>
> > >> OK, maybe im being *way* too paranoid here ... but what if someone had
> > >> access to github, could they replace one file with one they had prepared at
> > >> some point?
> > >>
> > >>
> > >>>
> > >>>
> > >>> On 1 April 2013 03:26, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
> > >>>
> > >>>>  I was just looking at:
> > >>>>
> > >>>> https://bitcointalk.org/index.php?topic=4571.0
> > >>>>
> > >>>> I'm just curious if there is a possible attack vector here based on the
> > >>>> fact that git uses the relatively week SHA1
> > >>>>
> > >>>> Could a seemingly innocuous pull request generate another file with a
> > >>>> backdoor/nonce combination that slips under the radar?
> > >>>>
> > >>>> Apologies if this has come up before ...
> > >>>>
> > >>>>
> > >>>> ------------------------------------------------------------------------------
> > >>>> Own the Future-Intel&reg; Level Up Game Demo Contest 2013
> > >>>> Rise to greatness in Intel's independent game demo contest.
> > >>>> Compete for recognition, cash, and the chance to get your game
> > >>>> on Steam. $5K grand prize plus 10 genre and skill prizes.
> > >>>> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> > >>>> _______________________________________________
> > >>>> Bitcoin-development mailing list
> > >>>> Bitcoin-development@lists.sourceforge.net
> > >>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> > >>>>
> > >>>>
> > >>>
> > >>
> > >>
> > >> ------------------------------------------------------------------------------
> > >> Own the Future-Intel&reg; Level Up Game Demo Contest 2013
> > >> Rise to greatness in Intel's independent game demo contest.
> > >> Compete for recognition, cash, and the chance to get your game
> > >> on Steam. $5K grand prize plus 10 genre and skill prizes.
> > >> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> > >> _______________________________________________
> > >> Bitcoin-development mailing list
> > >> Bitcoin-development@lists.sourceforge.net
> > >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> > >>
> > >>
> > >
> 
> > ------------------------------------------------------------------------------
> > Own the Future-Intel&reg; Level Up Game Demo Contest 2013
> > Rise to greatness in Intel's independent game demo contest.
> > Compete for recognition, cash, and the chance to get your game 
> > on Steam. $5K grand prize plus 10 genre and skill prizes. 
> > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> 
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> 
> 
> ------------------------------------------------------------------------------
> Own the Future-Intel&reg; Level Up Game Demo Contest 2013
> Rise to greatness in Intel's independent game demo contest.
> Compete for recognition, cash, and the chance to get your game 
> on Steam. $5K grand prize plus 10 genre and skill prizes. 
> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>