Home > Software engineering >  Is git sha secure for using it to point a dependency version?
Is git sha secure for using it to point a dependency version?

Time:04-07

I would like to know if it secure to use a git sha for pointing to a particular version of a dependency. I know that is not a good practice, but sometimes it is needed.

I already read that, normally, it is not possible to choose the commit Id because it is calculated automatically using a lot of stuff. But nobody mentions that you can rebuild git locally for overriding this algorithm, and let's to generate duplicate sha.

And i didn't read that gitserver checks it in order to make sure the gitclient is not "broken" is that way.

So, supposing the above situation is possible (please confirm it or not), is the sha git considered sicured?

CodePudding user response:

The kind of trick you are talking about is called a preimage attack. Current techniques for generating deliberate SHA-1 collisions require that the bogus-duplicate's content contain a large "binary area"—basically a contiguous blob of bytes—where attacker can manipulate those bytes. PDF images are good candidates here because PDFs may contain such blocks.

Git commit and tag objects, however, do not contain such blocks. They do have an area in which one could drop a block like this, but this area shows us as the log message or tag message when you examine the commit (with git log or git show) or the tag (with git show). It would be hard for a human to miss the fact that at the point the particular commit or tag was "blessed" as "okay to use", the message was something like:

Release version x.y

and now it's:

Release version x.y
filler filler filler ... filler
<random bytes to produce desired hash>
<this section goes on and on for many pages>
footer footer footer ... footer

An automated software system that doesn't bother looking at the commit message or tag message could be fooled, but it would be simple enough to add an entropy detector that notices that what's in the message here no longer matches the kind of data humans generate (which has relatively low entropy; see this blog entry on Shannon entropy and this IBM security document). That's a dead giveaway, and that computation can be automated.

(The message size will also have jumped from "tiny" to "relatively huge", which can be used as well, perhaps independently.)

Still, if you like, you can experiment with the new SHA-256 variant of Git. (You cannot mix variants though: you must either use SHA-1 only, or SHA-256 only. At least, that's the case today.)

  • Related