Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"Hardened SHA-1 hash" is a confusing way to characterize git's current hash behavior. There is no change in the hash--it continues to be SHA-1. The change is in git's business logic: it will detect hash inputs that look like a SHA-1 collision attack, and will refuse to proceed.


The SHA1DC algorithm implements a different hash function, since it doesn't return the same hash as SHA-1 for all inputs, those inputs just happen to be really rare.

This is SHA-1:

    hash = SHA1(input)
This is SHA-1DC in "only detect collision mode":

    collided, hash = SHA1DC(input)
Where "hash" for SHA1DC(input) will be the same value as SHA1(input), then there's the mode to work around such collisions:

    hash = SHA1DC_safe(input)
In this case "hash" will be the same as SHA1(input) in all cases, except those where the input is detected to be malicious (as in the SHAttered attack). Then SHA1DC_safe(input) will return a different ("safe") hash than SHA1(input) would.

So depending on the mode you use it in it's a different hash function than SHA-1. The Git project only uses it in the "detect a collision and die" mode: https://github.com/git/git/blob/master/sha1dc_git.c#L17-L23

Here's the part of the code where you can see it's implementing a different hash function: https://github.com/git/git/blob/v2.19.0-rc0/sha1dc/sha1.c#L1...

I.e. if detect_coll and safe_hash are set, it will return different hashes than SHA1() for the same input.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: