You are going to great extend to ensure source code authenticity already. :+1:
However, it seems to me that the weakest link here is SHA1 used by git. Ref entry point: sign all git commits
As I am not sure when this problem will be fixed at it’s core (git), I would propose to include a cryptographically strong hash sum over the whole commit (commit, tree, and blobs it references and recursively over submodules) in git tags which are directly signed with GnuPG, also using a cryptographically strong hash sum.
I was quite happy to find git-evtag today which implements this. I have read the Python implementation and it looks good to me. But I am sure you guys can do a more careful review of what ever implementation you end up using :wink:
The main advantage this will give us is that targeted attacks one someone doing a git clone and the adversary being able to perform a preimage attack on a SHA1 hashed file will be more difficult. But even with just SHA1, according to Mike Gerwitz, such an attack would be even harder when the target already has a authentic copy of a repo and an attack is performed on git pull.
You are going to great extend to ensure source code authenticity already. :+1:
However, it seems to me that the weakest link here is SHA1 used by git. Ref entry point: sign all git commits
As I am not sure when this problem will be fixed at it’s core (git), I would propose to include a cryptographically strong hash sum over the whole commit (commit, tree, and blobs it references and recursively over submodules) in git tags which are directly signed with GnuPG, also using a cryptographically strong hash sum.
I was quite happy to find git-evtag today which implements this. I have read the Python implementation and it looks good to me. But I am sure you guys can do a more careful review of what ever implementation you end up using :wink:
The main advantage this will give us is that targeted attacks one someone doing a
git clone
and the adversary being able to perform a preimage attack on a SHA1 hashed file will be more difficult. But even with just SHA1, according to Mike Gerwitz, such an attack would be even harder when the target already has a authentic copy of a repo and an attack is performed ongit pull
.