alexanderGugel / ied

:package: Like npm, but faster - an alternative package manager for Node
http://alexandergugel.github.io/ied
MIT License
1.99k stars 53 forks source link

Replace SHA1 with SHA2 #196

Open alfiepates opened 7 years ago

alfiepates commented 7 years ago

I know it's quite a big change, but given the fact that SHA1 is ridiculously weak I think a "best practice/goodwill" move towards a more secure/collision-proof hash algorithm would be a good decision.

I haven't actually put too much thought into the possibility of generating malicious packages with colliding SHA1 hashes, but I'd assume it's possible.

billiegoose commented 7 years ago

Yes, it definitely should be possible, because all you need is some large buffer area that can be manipulated without being noticed. Git uses SHA1 but it's less vulnerable because it's prefixed with the file length which adds a constraint, the hashes are on a per file basis, and people are always looking at the text diffs, so you'd have to hide the change in a binary. Yet people are moving forward with plans to deprecate SHA1 in git. A node package is just a tarball though, and completely opaque to end users. You could use any file, or even insert a hidden file, and since the file size isn't part of the hash you have a lot of freedom. It would still take a 💩load of money but the payout of infecting a highly used module like 'lodash' with arbitrary code execution could be huge. Particularly if companies cache package tarballs indefinitely under the assumption they're immutable.

alfiepates commented 7 years ago

@wmhilton This is one of the reasons I prefer using "cryptographically sensible" hashes in things that, on the surface, do not appear to need them.

Having benchmarked SHA2 against SHA1 myself, you get a performance hit of under about 25% which (IMO) is an acceptable tradeoff for using a best-practice hash algo.

Besides, your network connection will probably introduce more performance uncertainty than whatever hash algorithm you're using.

billiegoose commented 7 years ago

The main obstacle to using it in git is that SHA2 is physically longer than SHA1 which was only 160 bits or 40 bytes. Since git's all written in C that "40 characters" assumption is hard-coded into all sorts of structs. It should be much quicker to fix in JavaScript.

ephemer commented 2 years ago

This thread is from 5 years ago. Is the project no longer maintained or was this actively decided against?