Re: [linux_var] SHA1 collision & git

To: linux_var - LUG di Varese e Provincia Mailing List <talking@ml.linuxvar.it>

Subject: Re: [linux_var] SHA1 collision & git

From: Giovanni Orlandi <orlangio@gmail.com>

Date: Thu, 2 Mar 2017 09:28:14 +0100

Authentication-results: linuxvar.it; dkim=pass reason="2048-bit key; unprotected key" header.d=gmail.com header.i=@gmail.com header.b=IXi2kSx1; dkim-adsp=pass; dkim-atps=neutral

Delivered-to: diegor@tiscali.it

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ml.linuxvar.it; s=mail; t=1488443297; bh=mV0cy9hS/ylJKQxzprNlTVuU0PIZ53oKahbTx+ePT/8=; h=In-Reply-To:References:From:Date:To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Reply-To; z=In-Reply-To:=20<CAPsbc0K2cvHmokfj-UYdQM6zUt0uY=3DGfcG1BSEL7+YNdQZ gy-g@mail.gmail.com>|References:=20<CAPsbc0+RMrCNEk6FUjN=3DwpuwHv6 xmS6E=3D5X-Tvo8Wq4kessx+A@mail.gmail.com>=0D=0A=20<20170223230424. 891feb1922f3cc30fe10865b@gmx.co.uk>=0D=0A=20<20170224054816.kujso2 34wy6cwros@manillaroad.local.home.trueelena.org>=0D=0A=20<CAPsbc0K 78b62QnmV4xp6FXuCWhG39GekV25xzQe68QRegqtaxg@mail.gmail.com>=0D=0A= 20<20170224094935.tgxmmcb4hglzpyp5@manillaroad.local.home.trueelen a.org>=0D=0A=20<26A58D73-3226-4272-977E-C5CAEB43BC26@gmx.co.uk>=0D =0A=20<20170224120737.e4uavwtfgtls3ccz@manillaroad.local.home.true elena.org>=0D=0A=20<CAPsbc0K2cvHmokfj-UYdQM6zUt0uY=3DGfcG1BSEL7+YN dQZgy-g@mail.gmail.com>|From:=20Giovanni=20Orlandi=20<orlangio@gma il.com>|Date:=20Thu,=202=20Mar=202017=2009:28:14=20+0100|To:=20lin ux_var=20-=20LUG=20di=20Varese=20e=20Provincia=20Mailing=20List=20 <talking@ml.linuxvar.it>|Subject:=20Re:=20[linux_var]=20SHA1=20col lision=20&=20git|List-Id:=20linux_var=20-=20LUG=20di=20Varese=20e= 20Provincia=20Mailing=20List=0D=0A=20<talking.ml.linuxvar.it>|List -Unsubscribe:=20<http://ml.linuxvar.it/cgi-bin/mailman/options/tal king>,=0D=0A=20<mailto:talking-request@ml.linuxvar.it?subject=3Dun subscribe>|List-Archive:=20<http://ml.linuxvar.it/pipermail/talkin g/>|List-Post:=20<mailto:talking@ml.linuxvar.it>|List-Help:=20<mai lto:talking-request@ml.linuxvar.it?subject=3Dhelp>|List-Subscribe: =20<http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking>,=0D=0A =20<mailto:talking-request@ml.linuxvar.it?subject=3Dsubscribe>|Rep ly-To:=20linux_var=20-=20LUG=20di=20Varese=20e=20Provincia=20Maili ng=20List=0D=0A=20<talking@ml.linuxvar.it>; b=rYFgXyLwntkGAhBqMhQlf6o+RgR136LzlwRfV9Va9XsVYQWxdRu/ywBXY3WWwhQ2L LmiyNT4Y5aMTheru2p+6XAMx5mfM/2vcaZJHORm/RouQZAAI2g5oIIxxp6UZHX3Jwh 16hIDtdXh+uoQ5QfVPdOfASioTIwsOaqeG+bqtY0=

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=D6ZnDW6MsynQwQbgyMB6dyK+ru/GrS818STFUrxWjQ0=; b=IXi2kSx1U3zLWSr/4/N/9YYbR1NM+o+Jm5RyHqQqeuZAmxwypo5T0gprgaZsCiiU7u w0Kv+S2fmRSmRcPTZjMuYFs4pTIHwvPD6/K/hSqcg8AoXqTkYeGDYIGExch519c2OphT x7PHpdolYrwzTuJgaz06M5XwXHotclDRu5r9Cqy3wttMGXp8PhjM1RIIA3XcyGke0QQF 3SVXULC4QKOjoXbP28xYXniFDo0rr4rcVynnGnvuq387Vh0UNuBbqqHAMPCOJeVCm/+K VByzGIXLX+lHbs8nwFgCQLlJ7ahwcYyrmhEvBUQQaMgtE3VVvR7EiG0by1NKpkFWHvJg TnvA==

In-reply-to: <CAPsbc0K2cvHmokfj-UYdQM6zUt0uY=GfcG1BSEL7+YNdQZgy-g@mail.gmail.com>

List-archive: <http://ml.linuxvar.it/pipermail/talking/>

List-help: <mailto:talking-request@ml.linuxvar.it?subject=help>

List-id: linux_var - LUG di Varese e Provincia Mailing List <talking.ml.linuxvar.it>

List-post: <mailto:talking@ml.linuxvar.it>

List-subscribe: <http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking>, <mailto:talking-request@ml.linuxvar.it?subject=subscribe>

List-unsubscribe: <http://ml.linuxvar.it/cgi-bin/mailman/options/talking>, <mailto:talking-request@ml.linuxvar.it?subject=unsubscribe>

References: <CAPsbc0+RMrCNEk6FUjN=wpuwHv6xmS6E=5X-Tvo8Wq4kessx+A@mail.gmail.com> <20170223230424.891feb1922f3cc30fe10865b@gmx.co.uk> <20170224054816.kujso234wy6cwros@manillaroad.local.home.trueelena.org> <CAPsbc0K78b62QnmV4xp6FXuCWhG39GekV25xzQe68QRegqtaxg@mail.gmail.com> <20170224094935.tgxmmcb4hglzpyp5@manillaroad.local.home.trueelena.org> <26A58D73-3226-4272-977E-C5CAEB43BC26@gmx.co.uk> <20170224120737.e4uavwtfgtls3ccz@manillaroad.local.home.trueelena.org> <CAPsbc0K2cvHmokfj-UYdQM6zUt0uY=GfcG1BSEL7+YNdQZgy-g@mail.gmail.com>

Reply-to: linux_var - LUG di Varese e Provincia Mailing List <talking@ml.linuxvar.it>

Sender: "Talking" <talking-bounces@ml.linuxvar.it>

Beh, però vedi il lato "storico".

Se ci fossero delle email o dei documenti PDF di valore storico "CONTRO-FIRMATI" con SHA1,

tra qualche decina di anni si potrebbe "facilmente" alterarli, riproducendo la stessa SHA1.

Giovanni

Il giorno 1 marzo 2017 17:34, Lorenzo Lobba <lorenzo.lobba@gmail.com> ha scritto:

da https://shattered.io/ ::

Who is capable of mounting this attack?
This attack required over 9,223,372,036,854,775,808 SHA1 computations.
This took the equivalent processing power as 6,500 years of single-CPU

Torvalds poi è tornato sull'argomento ribandento che il cielo non è caduto sulla testa.
https://plus.google.com/+LinusTorvalds/posts/7tp2gYWQugL

Senza entrare nel merito. Se avessi competenze e potenza di calcolo per fare un commit farlocco e infilarlo in un repository in modo tale da diffondere software malevolo, sicuramente avrei competenze e potenza di calcolo per fare attacchi più semplici e magari più remunerativi.

Ciao,
Lorenzo

_______________________________________________
Talking mailing list
Talking@ml.linuxvar.it
http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking

-----------------------------------------------------------------------------------------
Luca 18,5 : "Poiché questa vedova è così molesta le farò giustizia, perché non venga continuamente a importunarmi".
Neemia 8,10 : "...questo giorno è consacrato al nostro Signore; non siate tristi; perché la gioia del Signore è la vostra forza".
GSM 345.6050488 / 327.0547392 / 392.0698126 - Fax 06.62204735

_______________________________________________ Talking mailing list Talking@ml.linuxvar.it http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking

Follow-Ups:

Re: [linux_var] SHA1 collision & git
- From: Elena ``of Valhalla'' <valhalla-l@trueelena.org>

References:

[linux_var] SHA1 collision & git
- From: Lorenzo Lobba <lorenzo.lobba@gmail.com>
Re: [linux_var] SHA1 collision & git
- From: Riccardo Macoratti <r.macoratti@gmx.co.uk>
Re: [linux_var] SHA1 collision & git
- From: Elena ``of Valhalla'' <valhalla-l@trueelena.org>
Re: [linux_var] SHA1 collision & git
- From: Lorenzo Lobba <lorenzo.lobba@gmail.com>
Re: [linux_var] SHA1 collision & git
- From: Elena ``of Valhalla'' <valhalla-l@trueelena.org>
Re: [linux_var] SHA1 collision & git
- From: Riccardo Macoratti <r.macoratti@gmx.co.uk>
Re: [linux_var] SHA1 collision & git
- From: Elena ``of Valhalla'' <valhalla-l@trueelena.org>
Re: [linux_var] SHA1 collision & git
- From: Lorenzo Lobba <lorenzo.lobba@gmail.com>