Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from <laanwj@gmail.com>) id 1UNEZs-0001AH-2x for bitcoin-development@lists.sourceforge.net; Wed, 03 Apr 2013 03:41:36 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.43 as permitted sender) client-ip=209.85.214.43; envelope-from=laanwj@gmail.com; helo=mail-bk0-f43.google.com; Received: from mail-bk0-f43.google.com ([209.85.214.43]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1UNEZo-00049E-Pq for bitcoin-development@lists.sourceforge.net; Wed, 03 Apr 2013 03:41:36 +0000 Received: by mail-bk0-f43.google.com with SMTP id jm2so545857bkc.30 for <bitcoin-development@lists.sourceforge.net>; Tue, 02 Apr 2013 20:41:26 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.205.34.195 with SMTP id st3mr14810bkb.16.1364960486292; Tue, 02 Apr 2013 20:41:26 -0700 (PDT) Received: by 10.204.37.203 with HTTP; Tue, 2 Apr 2013 20:41:26 -0700 (PDT) In-Reply-To: <20130401225417.GV65880@giles.gnomon.org.uk> References: <CAKaEYhK5ZzP8scbhyzkEU+WdWjwMBDzkgF+SrC-Mdjgo9G9RnA@mail.gmail.com> <CACezXZ94oDX1O7y7cgh+HvDj4QiDWmy1NVQ4Ahq=gmzhgmUaHQ@mail.gmail.com> <CAKaEYhK4v3mhkGMKDW9g7km+5artBAjpukQdwx17psgdJaqvgA@mail.gmail.com> <CAHQs=o4pKBoVO-14dqoq9EoNxq2BNnKE+zmOjLBw+XqJfAp8yA@mail.gmail.com> <CAKaEYh+bePsmzM5XU1wpb_SFrTnbKB8LxMvWLLqP4p8KuesuSA@mail.gmail.com> <20130401225107.GU65880@giles.gnomon.org.uk> <20130401225417.GV65880@giles.gnomon.org.uk> Date: Wed, 3 Apr 2013 05:41:26 +0200 Message-ID: <CA+s+GJBLUTfu8q2zE4pJ+HO5u-GweGNKZebV=XRhBe7TCPggPg@mail.gmail.com> From: Wladimir <laanwj@gmail.com> To: Roy Badami <roy@gnomon.org.uk> Content-Type: multipart/alternative; boundary=bcaec52c69cbeb2e8b04d96ca096 X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (laanwj[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1UNEZo-00049E-Pq Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net> Subject: Re: [Bitcoin-development] bitcoin pull requests X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: <bitcoin-development.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> List-Post: <mailto:bitcoin-development@lists.sourceforge.net> List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> X-List-Received-Date: Wed, 03 Apr 2013 03:41:36 -0000 --bcaec52c69cbeb2e8b04d96ca096 Content-Type: text/plain; charset=UTF-8 Maybe now that bitcoin is growing out of the toy phase it's an idea to start gpg signing commits, like the Linux kernel ( https://lwn.net/Articles/466468/). But I suppose then we can't use github anymore to merge as-is and need manual steps? Wladimir On Tue, Apr 2, 2013 at 12:54 AM, Roy Badami <roy@gnomon.org.uk> wrote: > And the moment I hit send I realised it's not necessarily true. > Conceivably, a collision attack might help you craft two commits (one > good, one bad) with the same hash. > > But I still maintain what I just posted is true: if someone gets > malicious code into the repo, it's going to be by social engineering, > not by breaking the cyrpto. > > roy > > > On Mon, Apr 01, 2013 at 11:51:07PM +0100, Roy Badami wrote: > > The attack Schneier is talking about is a collision attack (i.e. it > > creates two messages with the same hash, but you don't get to choose > > either of the messages). It's not a second preimage attack, which is > > what you would need to be able to create a message that hashes to the > > same value of an existing message. > > > > (And it neither have anything to do with the birthday paradox, BTW - > > which relates to the chance of eventually finding two messages that > > hash to the same value by pure change) > > > > If someone gets malicious code into the repo, it's going to be by > > social engineering, not by breaking the cyrpto. > > > > roy > > > > On Tue, Apr 02, 2013 at 12:27:51AM +0200, Melvin Carvalho wrote: > > > On 2 April 2013 00:10, Will <will@phase.net> wrote: > > > > > > > The threat of a SHA1 collision attack to insert a malicious pull > request > > > > are tiny compared with the other threats - e.g. github being > compromised, > > > > one of the core developers' passwords being compromised, one of the > core > > > > developers going rogue, sourceforge (distribution site) being > compromised > > > > etc etc... believe me there's a lot more to worry about than a SHA1 > > > > attack... > > > > > > > > Not meaning to scare, just to put things in perspective - this is > why we > > > > all need to peer review each others commits and keep an eye out for > > > > suspicious commits, leverage the benefits of this project being open > source > > > > and easily peer reviewed. > > > > > > > > > > Very good points, and I think you're absolutely right. > > > > > > But just running the numbers, to get the picture, based of scheiner's > > > statistics: > > > > > > http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html > > > > > > We're talking about a million terrahashes = 2^60 right? > > > > > > With the block chain, you only have a 10 minute window, but with source > > > code you have a longer time to prepare. > > > > > > Couldnt this be done with an ASIC in about a week? > > > > > > > > > > > > > > > > > Will > > > > > > > > > > > > On 1 April 2013 23:52, Melvin Carvalho <melvincarvalho@gmail.com> > wrote: > > > > > > > >> > > > >> > > > >> > > > >> On 1 April 2013 20:28, Petr Praus <petr@praus.net> wrote: > > > >> > > > >>> An attacker would have to find a collision between two specific > pieces > > > >>> of code - his malicious code and a useful innoculous code that > would be > > > >>> accepted as pull request. This is the second, much harder case in > the > > > >>> birthday problem. When people talk about SHA-1 being broken they > actually > > > >>> mean the first case in the birthday problem - find any two > arbitrary values > > > >>> that hash to the same value. So, no I don't think it's a feasible > attack > > > >>> vector any time soon. > > > >>> > > > >>> Besides, with that kind of hashing power, it might be more > feasible to > > > >>> cause problems in the chain by e.g. constantly splitting it. > > > >>> > > > >> > > > >> OK, maybe im being *way* too paranoid here ... but what if someone > had > > > >> access to github, could they replace one file with one they had > prepared at > > > >> some point? > > > >> > > > >> > > > >>> > > > >>> > > > >>> On 1 April 2013 03:26, Melvin Carvalho <melvincarvalho@gmail.com> > wrote: > > > >>> > > > >>>> I was just looking at: > > > >>>> > > > >>>> https://bitcointalk.org/index.php?topic=4571.0 > > > >>>> > > > >>>> I'm just curious if there is a possible attack vector here based > on the > > > >>>> fact that git uses the relatively week SHA1 > > > >>>> > > > >>>> Could a seemingly innocuous pull request generate another file > with a > > > >>>> backdoor/nonce combination that slips under the radar? > > > >>>> > > > >>>> Apologies if this has come up before ... > > > >>>> > > > >>>> > > > >>>> > ------------------------------------------------------------------------------ > > > >>>> Own the Future-Intel® Level Up Game Demo Contest 2013 > > > >>>> Rise to greatness in Intel's independent game demo contest. > > > >>>> Compete for recognition, cash, and the chance to get your game > > > >>>> on Steam. $5K grand prize plus 10 genre and skill prizes. > > > >>>> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > > > >>>> _______________________________________________ > > > >>>> Bitcoin-development mailing list > > > >>>> Bitcoin-development@lists.sourceforge.net > > > >>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > >>>> > > > >>>> > > > >>> > > > >> > > > >> > > > >> > ------------------------------------------------------------------------------ > > > >> Own the Future-Intel® Level Up Game Demo Contest 2013 > > > >> Rise to greatness in Intel's independent game demo contest. > > > >> Compete for recognition, cash, and the chance to get your game > > > >> on Steam. $5K grand prize plus 10 genre and skill prizes. > > > >> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > > > >> _______________________________________________ > > > >> Bitcoin-development mailing list > > > >> Bitcoin-development@lists.sourceforge.net > > > >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > >> > > > >> > > > > > > > > > > ------------------------------------------------------------------------------ > > > Own the Future-Intel® Level Up Game Demo Contest 2013 > > > Rise to greatness in Intel's independent game demo contest. > > > Compete for recognition, cash, and the chance to get your game > > > on Steam. $5K grand prize plus 10 genre and skill prizes. > > > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > > > > > _______________________________________________ > > > Bitcoin-development mailing list > > > Bitcoin-development@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > > > > > ------------------------------------------------------------------------------ > > Own the Future-Intel® Level Up Game Demo Contest 2013 > > Rise to greatness in Intel's independent game demo contest. > > Compete for recognition, cash, and the chance to get your game > > on Steam. $5K grand prize plus 10 genre and skill prizes. > > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > > _______________________________________________ > > Bitcoin-development mailing list > > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > > > ------------------------------------------------------------------------------ > Own the Future-Intel® Level Up Game Demo Contest 2013 > Rise to greatness in Intel's independent game demo contest. > Compete for recognition, cash, and the chance to get your game > on Steam. $5K grand prize plus 10 genre and skill prizes. > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --bcaec52c69cbeb2e8b04d96ca096 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div><br></div>Maybe now that bitcoin is growing out of th= e toy phase it's an idea to start gpg signing commits, like the Linux k= ernel (<a href=3D"https://lwn.net/Articles/466468/">https://lwn.net/Article= s/466468/</a>).<div> <br></div><div>But I suppose then we can't use github anymore to merge = as-is and need manual steps?<div><br></div><div>Wladimir</div><div><br><div= ><br></div></div></div></div><div class=3D"gmail_extra"><br><br><div class= =3D"gmail_quote"> On Tue, Apr 2, 2013 at 12:54 AM, Roy Badami <span dir=3D"ltr"><<a href= =3D"mailto:roy@gnomon.org.uk" target=3D"_blank">roy@gnomon.org.uk</a>></= span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8e= x;border-left:1px #ccc solid;padding-left:1ex"> And the moment I hit send I realised it's not necessarily true.<br> Conceivably, a collision attack might help you craft two commits (one<br> good, one bad) with the same hash.<br> <br> But I still maintain what I just posted is true: if someone gets<br> <div class=3D"im HOEnZb">malicious code into the repo, it's going to be= by social engineering,<br> not by breaking the cyrpto.<br> <br> roy<br> <br> <br> </div><div class=3D"HOEnZb"><div class=3D"h5">On Mon, Apr 01, 2013 at 11:51= :07PM +0100, Roy Badami wrote:<br> > The attack Schneier is talking about is a collision attack (i.e. it<br= > > creates two messages with the same hash, but you don't get to choo= se<br> > either of the messages). =C2=A0It's not a second preimage attack, = which is<br> > what you would need to be able to create a message that hashes to the<= br> > same value of an existing message.<br> ><br> > (And it neither have anything to do with the birthday paradox, BTW -<b= r> > which relates to the chance of eventually finding two messages that<br= > > hash to the same value by pure change)<br> ><br> > If someone gets malicious code into the repo, it's going to be by<= br> > social engineering, not by breaking the cyrpto.<br> ><br> > roy<br> ><br> > On Tue, Apr 02, 2013 at 12:27:51AM +0200, Melvin Carvalho wrote:<br> > > On 2 April 2013 00:10, Will <<a href=3D"mailto:will@phase.net"= >will@phase.net</a>> wrote:<br> > ><br> > > > The threat of a SHA1 collision attack to insert a malicious = pull request<br> > > > are tiny compared with the other threats - e.g. github being= compromised,<br> > > > one of the core developers' passwords being compromised,= one of the core<br> > > > developers going rogue, sourceforge (distribution site) bein= g compromised<br> > > > etc etc... believe me there's a lot more to worry about = than a SHA1<br> > > > attack...<br> > > ><br> > > > Not meaning to scare, just to put things in perspective - th= is is why we<br> > > > all need to peer review each others commits and keep an eye = out for<br> > > > suspicious commits, leverage the benefits of this project be= ing open source<br> > > > and easily peer reviewed.<br> > > ><br> > ><br> > > Very good points, and I think you're absolutely right.<br> > ><br> > > But just running the numbers, to get the picture, based of schein= er's<br> > > statistics:<br> > ><br> > > <a href=3D"http://www.schneier.com/blog/archives/2012/10/when_wil= l_we_se.html" target=3D"_blank">http://www.schneier.com/blog/archives/2012/= 10/when_will_we_se.html</a><br> > ><br> > > We're talking about a million terrahashes =3D 2^60 right?<br> > ><br> > > With the block chain, you only have a 10 minute window, but with = source<br> > > code you have a longer time to prepare.<br> > ><br> > > Couldnt this be done with an ASIC in about a week?<br> > ><br> > ><br> > ><br> > > ><br> > > > Will<br> > > ><br> > > ><br> > > > On 1 April 2013 23:52, Melvin Carvalho <<a href=3D"mailto= :melvincarvalho@gmail.com">melvincarvalho@gmail.com</a>> wrote:<br> > > ><br> > > >><br> > > >><br> > > >><br> > > >> On 1 April 2013 20:28, Petr Praus <<a href=3D"mailto:= petr@praus.net">petr@praus.net</a>> wrote:<br> > > >><br> > > >>> An attacker would have to find a collision between t= wo specific pieces<br> > > >>> of code - his malicious code and a useful innoculous= code that would be<br> > > >>> accepted as pull request. This is the second, much h= arder case in the<br> > > >>> birthday problem. When people talk about SHA-1 being= broken they actually<br> > > >>> mean the first case in the birthday problem - find a= ny two arbitrary values<br> > > >>> that hash to the same value. So, no I don't thin= k it's a feasible attack<br> > > >>> vector any time soon.<br> > > >>><br> > > >>> Besides, with that kind of hashing power, it might b= e more feasible to<br> > > >>> cause problems in the chain by e.g. constantly split= ting it.<br> > > >>><br> > > >><br> > > >> OK, maybe im being *way* too paranoid here ... but what = if someone had<br> > > >> access to github, could they replace one file with one t= hey had prepared at<br> > > >> some point?<br> > > >><br> > > >><br> > > >>><br> > > >>><br> > > >>> On 1 April 2013 03:26, Melvin Carvalho <<a href= =3D"mailto:melvincarvalho@gmail.com">melvincarvalho@gmail.com</a>> wrote= :<br> > > >>><br> > > >>>> =C2=A0I was just looking at:<br> > > >>>><br> > > >>>> <a href=3D"https://bitcointalk.org/index.php?top= ic=3D4571.0" target=3D"_blank">https://bitcointalk.org/index.php?topic=3D45= 71.0</a><br> > > >>>><br> > > >>>> I'm just curious if there is a possible atta= ck vector here based on the<br> > > >>>> fact that git uses the relatively week SHA1<br> > > >>>><br> > > >>>> Could a seemingly innocuous pull request generat= e another file with a<br> > > >>>> backdoor/nonce combination that slips under the = radar?<br> > > >>>><br> > > >>>> Apologies if this has come up before ...<br> > > >>>><br> > > >>>><br> > > >>>> ------------------------------------------------= ------------------------------<br> > > >>>> Own the Future-Intel&reg; Level Up Game Demo= Contest 2013<br> > > >>>> Rise to greatness in Intel's independent gam= e demo contest.<br> > > >>>> Compete for recognition, cash, and the chance to= get your game<br> > > >>>> on Steam. $5K grand prize plus 10 genre and skil= l prizes.<br> > > >>>> Submit your demo by 6/6/13. <a href=3D"http://p.= sf.net/sfu/intel_levelupd2d" target=3D"_blank">http://p.sf.net/sfu/intel_le= velupd2d</a><br> > > >>>> _______________________________________________<= br> > > >>>> Bitcoin-development mailing list<br> > > >>>> <a href=3D"mailto:Bitcoin-development@lists.sour= ceforge.net">Bitcoin-development@lists.sourceforge.net</a><br> > > >>>> <a href=3D"https://lists.sourceforge.net/lists/l= istinfo/bitcoin-development" target=3D"_blank">https://lists.sourceforge.ne= t/lists/listinfo/bitcoin-development</a><br> > > >>>><br> > > >>>><br> > > >>><br> > > >><br> > > >><br> > > >> --------------------------------------------------------= ----------------------<br> > > >> Own the Future-Intel&reg; Level Up Game Demo Contest= 2013<br> > > >> Rise to greatness in Intel's independent game demo c= ontest.<br> > > >> Compete for recognition, cash, and the chance to get you= r game<br> > > >> on Steam. $5K grand prize plus 10 genre and skill prizes= .<br> > > >> Submit your demo by 6/6/13. <a href=3D"http://p.sf.net/s= fu/intel_levelupd2d" target=3D"_blank">http://p.sf.net/sfu/intel_levelupd2d= </a><br> > > >> _______________________________________________<br> > > >> Bitcoin-development mailing list<br> > > >> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.= net">Bitcoin-development@lists.sourceforge.net</a><br> > > >> <a href=3D"https://lists.sourceforge.net/lists/listinfo/= bitcoin-development" target=3D"_blank">https://lists.sourceforge.net/lists/= listinfo/bitcoin-development</a><br> > > >><br> > > >><br> > > ><br> ><br> > > -----------------------------------------------------------------= -------------<br> > > Own the Future-Intel&reg; Level Up Game Demo Contest 2013<br> > > Rise to greatness in Intel's independent game demo contest.<b= r> > > Compete for recognition, cash, and the chance to get your game<br= > > > on Steam. $5K grand prize plus 10 genre and skill prizes.<br> > > Submit your demo by 6/6/13. <a href=3D"http://p.sf.net/sfu/intel_= levelupd2d" target=3D"_blank">http://p.sf.net/sfu/intel_levelupd2d</a><br> ><br> > > _______________________________________________<br> > > Bitcoin-development mailing list<br> > > <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitc= oin-development@lists.sourceforge.net</a><br> > > <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-d= evelopment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/= bitcoin-development</a><br> ><br> ><br> > ----------------------------------------------------------------------= --------<br> > Own the Future-Intel&reg; Level Up Game Demo Contest 2013<br> > Rise to greatness in Intel's independent game demo contest.<br> > Compete for recognition, cash, and the chance to get your game<br> > on Steam. $5K grand prize plus 10 genre and skill prizes.<br> > Submit your demo by 6/6/13. <a href=3D"http://p.sf.net/sfu/intel_level= upd2d" target=3D"_blank">http://p.sf.net/sfu/intel_levelupd2d</a><br> > _______________________________________________<br> > Bitcoin-development mailing list<br> > <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-d= evelopment@lists.sourceforge.net</a><br> > <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-develo= pment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitco= in-development</a><br> ><br> <br> ---------------------------------------------------------------------------= ---<br> Own the Future-Intel&reg; Level Up Game Demo Contest 2013<br> Rise to greatness in Intel's independent game demo contest.<br> Compete for recognition, cash, and the chance to get your game<br> on Steam. $5K grand prize plus 10 genre and skill prizes.<br> Submit your demo by 6/6/13. <a href=3D"http://p.sf.net/sfu/intel_levelupd2d= " target=3D"_blank">http://p.sf.net/sfu/intel_levelupd2d</a><br> _______________________________________________<br> Bitcoin-development mailing list<br> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo= pment@lists.sourceforge.net</a><br> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development= " target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment</a><br> </div></div></blockquote></div><br></div> --bcaec52c69cbeb2e8b04d96ca096--