
Linus Torvalds on SHA-1 Collisions in Git Repositories: There Is Nothing to Be Afraid Of

Google employees and the Centre of Mathematics and Computer Science in Amsterdam have presented the first algorithm for generating SHA-1 collisions. In the ten years of SHA-1's existence, no practical way was known to create a document with the same SHA-1 hash and digital signature as another document, but now that possibility has appeared.

The SHA-1 hash function is used everywhere, so the news that documents with an identical hash can be generated naturally worried users, including users of the Git version control system, which also uses SHA-1 hashes. Linus Torvalds gave detailed answers to these concerns. In short: there is nothing to fear.

Linus said that this collision-finding attack does nothing critical. According to him, there is a big difference between using a cryptographic hash for digital signatures in encryption systems and using it to generate a "content ID" in a system such as Git.

In the first case, the hash is a kind of statement of trust. It acts as a source of trust that fundamentally protects you from people you cannot verify in other ways.

In Git, on the other hand, the hash isn't used for "trust". Here trust is placed in people, not in the hash, says Linus. In projects like Git, the SHA-1 hash serves an entirely different, technical purpose: to avoid accidental conflicts and as an excellent way to detect errors. It is just a tool that helps you quickly identify corrupted data. This is not about data security but about the technical convenience of deduplication and error detection. Other version control systems often use error detection techniques such as CRC for this.

Linus admits that SHA-1 is also used for signing Git branches, so in that sense it is part of the web of trust as well, and the appearance of a collision-finding attack does have adverse consequences for Git. In practice, though, this particular attack is very easy to avoid, for several reasons.

First, with this attack the attacker cannot simply create a document with a predetermined hash. He has to create two documents at once, because the attack works on an identical prefix. Second, the researchers who found the SHA-1 collision published scientific articles and released tools that recognize the signs of an attack. It is easy to identify documents whose prefix is suitable for generating a second document with the same hash.

That is, in practice, if appropriate protection against documents with such a prefix is implemented, the attack is not feasible. By the way, this protection has already been implemented in Gmail and GSuite. A detector for checking documents is publicly available on the shattered.io website. The sha1collisiondetection collision detection library can be found on GitHub.

When all the data is in the open, a real attack is almost impossible. The authors of the research give the example of an attack on PDF documents with the same prefix. This attack succeeds because the prefix itself is "closed" inside the document, as a blob. Open source code in a repository is another matter. It is hardly possible to build such a prefix out of source code (only out of a blob). In other words, to create the identical prefix and then generate code branches with the same SHA-1 hashes, the attacker would have to insert some random data into the code, which would be noticed immediately. Linus said that there are places where data can be hidden, but git fsck already catches such tricks.

Linus Torvalds admits that the only real cause for concern is tracking PDF documents with Git. It is recommended to use the tools that detect signs of the attack, as described above. Such patches have been created for the kernel.org and github.com hosting sites and will soon become active, so there is nothing to worry about.

Among other things, Git will move away from SHA-1 in the future, said Linus. There is a plan for doing so that does not even require anyone to convert their repositories. But clearly this is not so critical that it needs to be rushed.

By the way, said Torvalds, the problem of tracking PDF documents with identical SHA-1 hashes has already shown up in the Apache SVN version control system, which is used for the WebKit repository and other major projects. On Friday night, the website of the SHA-1 collision attack published new information about the attack's effect on the SVN version control system. It pointed out that PDF files with the same SHA-1 hashes are already breaking SVN repositories.

It turns out that if you commit two different files with the same hash, the version control system cannot cope with it. Someone committed such files to the WebKit repository, after which the repository broke and stopped accepting new commits.
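The content-ID role described earlier (deduplication and error detection) and the case of two different files sharing one hash can both be seen in a small content-addressed store. This is an added example, not code from Git, SVN or the article; `ObjectStore`, `CollisionError` and `weak_id` are hypothetical names, and `weak_id` is a constructed 4-bit ID used only to force a collision.

```python
import hashlib


def git_blob_id(content: bytes) -> str:
    """ID Git gives a blob: SHA-1 over the header 'blob <size>\\0' plus the content."""
    return hashlib.sha1(b"blob %d\x00" % len(content) + content).hexdigest()


class CollisionError(Exception):
    """Two different contents mapped to the same object ID."""


class ObjectStore:
    """Toy content-addressed store (hypothetical, not Git's implementation)."""

    def __init__(self, id_func=git_blob_id):
        self.id_func = id_func
        self.objects = {}

    def put(self, content: bytes) -> str:
        oid = self.id_func(content)
        existing = self.objects.setdefault(oid, content)
        if existing != content:
            # Same ID, different bytes: refuse instead of silently keeping one.
            raise CollisionError(oid)
        return oid  # identical content is stored only once (deduplication)

    def get(self, oid: str) -> bytes:
        content = self.objects[oid]
        if self.id_func(content) != oid:
            raise ValueError(f"object {oid} is corrupt")  # error detection
        return content


def weak_id(content: bytes) -> str:
    """Constructed 4-bit ID, used only to force a collision in the demo."""
    return git_blob_id(content)[:1]


if __name__ == "__main__":
    store = ObjectStore()
    first = store.put(b"hello world\n")
    assert store.put(b"hello world\n") == first and len(store.objects) == 1
    print("blob id:", first)
    weak = ObjectStore(weak_id)
    try:
        for i in range(17):  # 17 inputs, 16 possible IDs: one pair must collide
            weak.put(b"file %d" % i)
    except CollisionError as exc:
        print("collision on ID", exc)
```

The store keeps the first object and rejects the second one with the same ID, so a colliding file fails loudly at insert time instead of leaving the store in an inconsistent state.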

Here are the two PDF files with the same hash:
