Stories
Slash Boxes
Comments

SoylentNews is people

Watershed SHA1 Collision Just Broke the WebKit Repository

posted by cmn32480 on Sunday February 26 2017, @09:42PM   Printer-friendly
from the just-take-it-out-back-and-shoot-it-already dept.

Fnord666 writes:

Thursday's watershed attack on the widely used SHA1 hashing function has claimed its first casualty: the version control system used by the WebKit browser engine, which became completely corrupted after someone uploaded two proof-of-concept PDF files that have identical message digests.

The bug resides in Apache SVN, an open source version control system that WebKit and other large software development organizations use to keep track of code submitted by individual members. Often abbreviated as SVN, Subversion uses SHA1 to track and merge duplicate files. Somehow, SVN systems can experience a severe glitch when they encounter the two PDF files published Thursday, proving that real-world collisions on SHA1 are now practical.

On Friday morning, the researchers updated their informational website to add the frequently asked question "Is SVN affected?" The answer:

"Yes - please exercise care, as SHA-1 colliding files are currently breaking SVN repositories. Subversion servers use SHA-1 for deduplication and repositories become corrupted when two colliding files are committed to the repository. This has been discovered in WebKit's Subversion repository and independently confirmed by us. Due to the corruption the Subversion server will not accept further commits."

Source: ArsTechnica

Original Submission

 
This discussion has been archived. No new comments can be posted.
Watershed SHA1 Collision Just Broke the WebKit Repository | Log In/Create an Account | Top | 28 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by KiloByte on Monday February 27 2017, @11:29AM (3 children)

    by KiloByte (375) on Monday February 27 2017, @11:29AM (#472207)

    btrfs always does that. This way, you can just as well use short hashes while looking for dedup candidates (far more memory efficient), then for the actual dedupe it uses a hash function immune to both preimage and collision attacks, ie, the identity function.

    --
    Ceterum censeo systemd esse delendam.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1, Troll) by Scruffy Beard 2 on Monday February 27 2017, @04:34PM (2 children)

    by Scruffy Beard 2 (6030) on Monday February 27 2017, @04:34PM (#472340)

    No hash function is immune to collisions.

    For a long time, SHA-1 was considered immune to pre-image and collision attacks.

    • (Score: 2) by KiloByte on Tuesday February 28 2017, @03:19PM (1 child)

      by KiloByte (375) on Tuesday February 28 2017, @03:19PM (#472802)

      Kind of *whoosh*, but let's explain.

      Any bijective function is fully immune to both collisions and second preimage, not just merely resistant. On the other hand, many of them, like the identity function or rot13, are quite vulnerable to first preimage, but that's not what you use them for. What you're missing is that they're not one-way functions, where collisions must happen due to the pigeonhole principle and may at most be hard to find.

      --
      Ceterum censeo systemd esse delendam.