mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'ab/doc-hash-brokenness'

Browse Source 
Doc updates.

* ab/doc-hash-brokenness:
  doc hash-function-transition: clarify what SHAttered means
  doc hash-function-transition: clarify how older gits die on NewHash
This commit is contained in:
Junio C Hamano
2018-04-11 13:09:54 +09:00
parent 709f9f5b4b 5988eb631a
commit d877975e12
1 changed files with 32 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
Documentation/technical/hash-function-transition.txt
View File

@ -28,11 +28,30 @@ advantages:
address stored content. address stored content.
Over time some flaws in SHA-1 have been discovered by security Over time some flaws in SHA-1 have been discovered by security
researchers. https://shattered.io demonstrated a practical SHA-1 hash researchers. On 23 February 2017 the SHAttered attack
collision. As a result, SHA-1 cannot be considered cryptographically (https://shattered.io) demonstrated a practical SHA-1 hash collision.
secure any more. This impacts the communication of hash values because
we cannot trust that a given hash value represents the known good Git v2.13.0 and later subsequently moved to a hardened SHA-1
version of content that the speaker intended. implementation by default, which isn't vulnerable to the SHAttered
attack.
Thus Git has in effect already migrated to a new hash that isn't SHA-1
and doesn't share its vulnerabilities, its new hash function just
happens to produce exactly the same output for all known inputs,
except two PDFs published by the SHAttered researchers, and the new
implementation (written by those researchers) claims to detect future
cryptanalytic collision attacks.
Regardless, it's considered prudent to move past any variant of SHA-1
to a new hash. There's no guarantee that future attacks on SHA-1 won't
be published in the future, and those attacks may not have viable
mitigations.
If SHA-1 and its variants were to be truly broken, Git's hash function
could not be considered cryptographically secure any more. This would
impact the communication of hash values because we could not trust
that a given hash value represented the known good version of content
that the speaker intended.
SHA-1 still possesses the other properties such as fast object lookup SHA-1 still possesses the other properties such as fast object lookup
and safe error checking, but other hash functions are equally suitable and safe error checking, but other hash functions are equally suitable
@ -116,10 +135,15 @@ Documentation/technical/repository-version.txt) with extensions
objectFormat = newhash objectFormat = newhash
compatObjectFormat = sha1 compatObjectFormat = sha1
Specifying a repository format extension ensures that versions of Git The combination of setting `core.repositoryFormatVersion=1` and
not aware of NewHash do not try to operate on these repositories, populating `extensions.*` ensures that all versions of Git later than
instead producing an error message: `v0.99.9l` will die instead of trying to operate on the NewHash
repository, instead producing an error message.
# Between v0.99.9l and v2.7.0
$ git status
fatal: Expected git repo version <= 0, found 1
# After v2.7.0
$ git status $ git status
fatal: unknown repository extensions found: fatal: unknown repository extensions found:
objectformat objectformat