<div class="gmail_quote">2009/6/15 Joseph Pecoraro <span dir="ltr">&lt;<a href="mailto:joepeck02@gmail.com">joepeck02@gmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word"><div><blockquote type="cite"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204, 204, 204);border-left-style:solid;padding-left:1ex">
<div style="word-wrap:break-word"><div><div class="im"><div><blockquote type="cite"><div class="gmail_quote"><div>c) fun things would happen with a SHA collision! ;)</div> </div></blockquote><div><br></div></div></div><div class="im">
<div>c) Hehe, I think I detect a hint of sarcasm. If there is a SHA1 collision then you'd probably make a lot of money!</div><div><div><br></div><div></div></div></div></div></div></blockquote><div class="im"><div><br>
</div><div> C is a serious concern. SHA-1 collisions are now 2^51 - <a href="http://eprint.iacr.org/2009/259.pdf" target="_blank">http://eprint.iacr.org/2009/259.pdf</a></div></div></div></blockquote><div><br></div><div>This time I didn't detect sarcasm =)</div>
<div><br></div><div>I was actually aware of that paper. I saw it on Reddit this past week, and although they complained about the fact that it has not yet been reviewed, I think it could very well be valid. It's been known that SHA1 has been theoretically broken (not perfect 2**80) for some time now: (2005)</div>
<div><a href="http://www.schneier.com/blog/archives/2005/02/sha1_broken.html" target="_blank">http://www.schneier.com/blog/archives/2005/02/sha1_broken.html</a></div><div><br></div><div>However, its application in this Repository idea is not to be a cryptographically secure hash, it would just be to perform a quick, reliable hash of the contents and to produce a unique identifier. There would be no security concerns in the impossibly rare chance that two scripts' hashes collide. Just add some whitespace to the text somewhere! It would even be easy to debug with standard tools such as Firefox's Firebug and WebKit's Web Inspector. Hahaha =)</div>
<div></div></div></div></blockquote><div><br></div><div>In the event of a collision there would be huge issues - imagine running someone else's script in your application. Basically XSS - someone could take over your app, steal passwords, do bank transactions on your behalf, etc. </div>
<div><br></div><div>Collisions are made easier in plain text than in certs given that your input is not constrained.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word"><div><div><br></div><div>Also, Git and Mercurial (distributed version control systems) have been using SHA1 for the exact same purpose for years. I'm more familiar with Git's use of SHA1 and it uses it everywhere in the internals (file contents, directory listings, commit history). </div>
</div></div></blockquote><div><br></div><div>There have been a number of threads about that :) </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div style="word-wrap:break-word">
<div><div></div><div><br></div><div>Finally, if anyone here is seriously concerned with SHA1 just move to SHA-256 or SHA-512. With a repository unlikely to grow into the thousands, much less the millions, the chances of a collision even in 2**51 (2251799813685248 base 10) is bold thinking ;)</div>
<div></div></div></div></blockquote><div><br></div><div>The chances assuming everything is random are very low. The chances assuming an active attacker, which is the case we're considering here, are not 1/2^51. 2^51 merely represents how much work needs to be done, or viewed alternately, how close a plausible attack is.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div style="word-wrap:break-word"><div><div><br></div><div>I'm not attacking anyone here, I'm just clarifying why I think SHA1 is not a bad choice. Collision will always be an issue when an infinite number of things gets reduced to a finite set of values, but the concern is negligible when done right.</div>
<div><br></div><div>Cheers</div><div>- Joe</div><div><br></div></div></div></blockquote></div><br>
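<div>An added example, not part of the original thread or of the repository proposal: a toy content-addressed script store that refuses to alias two different scripts under one identifier and re-hashes on retrieval, which is the failure the thread is arguing about. The class and function names are hypothetical, the sample scripts are constructed, and the deliberately truncated digest exists only so that a collision is cheap enough to show the check firing.</div>

```python
import hashlib


class CollisionError(Exception):
    """Two different scripts mapped to the same identifier."""


class ScriptRepository:
    """Toy content-addressed script store (hypothetical, not the proposal's API)."""

    def __init__(self, digest=lambda data: hashlib.sha256(data).hexdigest()):
        self._digest = digest   # identifier function; SHA-256 by default
        self._scripts = {}      # identifier -> script bytes

    def put(self, script: bytes) -> str:
        ident = self._digest(script)
        existing = self._scripts.get(ident)
        # Same identifier but different bytes: refuse instead of silently
        # serving one party's script under another party's identifier.
        if existing is not None and existing != script:
            raise CollisionError(ident)
        self._scripts[ident] = script
        return ident

    def get(self, ident: str) -> bytes:
        script = self._scripts[ident]
        # Re-hash on the way out so a swapped entry is never handed back.
        if self._digest(script) != ident:
            raise CollisionError(ident)
        return script


def weak_digest(data: bytes) -> str:
    """Deliberately weak identifier (first 2 hex chars of SHA-256), demo only."""
    return hashlib.sha256(data).hexdigest()[:2]


def find_colliding_pair(digest, limit=10_000):
    """Search constructed sample scripts for two that share one identifier."""
    seen = {}
    for i in range(limit):
        script = b"/* constructed sample %d */" % i
        ident = digest(script)
        if ident in seen:
            return seen[ident], script
        seen[ident] = script
    return None
```

<div>The insert-time check only helps when the store has seen both inputs; a client holding nothing but the identifier relies entirely on the collision resistance of the hash.</div>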