GNU logs - #25999, boring messages


Message sent to bug-coreutils@HIDDEN:


Subject: bug#25999: SHA1SUM: please switch to sha1dc to warn of attempted hash collision attacks
To: 25999 <at> debbugs.gnu.org
Message-Id: <1488813374.3833386.901979264.6597C9CC@HIDDEN>
From: Henrique de Moraes Holschuh <hmh@HIDDEN>
Date: Mon, 06 Mar 2017 12:16:14 -0300

This is a feature request, in light of the "shattered" attack against
SHA-1[1] published by Google.

A drop-in replacement for sha1 exists, based on the concept of
counter-cryptanalysis[2].  This drop-in replacement can detect when the
SHA-1 hash hits the weakened internal states used by the shattered
attack.  Optionally, it can also negate the
collision-resistance-weakening effect of the "shattered" attack.

This "hardened sha1" drop-in replacement is called sha1dc (for collision
detection), and an implementation can be found at:

https://github.com/cr-marcstevens/sha1collisiondetection

The license for the sha1-dc library is MIT.   Other noteworthy users of
sha1dc are the git scm, which will use it to _detect_ objects weakened
for easier collisions, and refuse such objects.  This new version of git
has not been released yet at the time I am writing this bug report, but
the relevant patches are already in git's "pu" branch.

It would be nice if coreutils' sha1sum would use sha1dc, and report
(either as a warning, or as an error) when an attempt at generating SHA1
collisions is detected.

Note that this feature request is not for sha1sum to switch to the
hardened "safe version" of sha1dc that defuses the collision attempts,
but rather that sha1dc be used to detect and warn the user about the
specially crafted input data that makes the "shattered" attack feasible.

I have no strong opinions on whether sha1sum should abort or just warn
when an attempted collision is detected.  I also have no strong opinions
whether it should use "safe mode" or not, as long as it *does* warn the
user when an attempted collision is detected... only, I feel "safe mode"
behavior should be optional (I have no strong opinions on whether it
should be enabled by default or not).

[1] https://shattered.it/
[2] http://eprint.iacr.org/2017/173/20170228:105224

-- 
  Henrique de Moraes Holschuh <hmh@HIDDEN>




Message sent:


From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Henrique de Moraes Holschuh <hmh@HIDDEN>
Subject: bug#25999: Acknowledgement (SHA1SUM: please switch to sha1dc to
 warn of attempted hash collision attacks)
Message-ID: <handler.25999.B.148881339523766.ack <at> debbugs.gnu.org>
References: <1488813374.3833386.901979264.6597C9CC@HIDDEN>
Reply-To: 25999 <at> debbugs.gnu.org
Date: Mon, 06 Mar 2017 15:17:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-coreutils@HIDDEN

If you wish to submit further information on this problem, please
send it to 25999 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

-- 
25999: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=25999
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems


Message sent to bug-coreutils@HIDDEN:


Subject: bug#25999: SHA1SUM: please switch to sha1dc to warn of attempted hash collision attacks
To: Henrique de Moraes Holschuh <hmh@HIDDEN>, 25999 <at> debbugs.gnu.org
References: <1488813374.3833386.901979264.6597C9CC@HIDDEN>
From: Pádraig Brady <P@HIDDEN>
Message-ID: <992429e4-cdad-93cd-0fc8-e8cef3a3f774@HIDDEN>
Date: Mon, 6 Mar 2017 20:45:11 -0800
In-Reply-To: <1488813374.3833386.901979264.6597C9CC@HIDDEN>

On 06/03/17 07:16, Henrique de Moraes Holschuh wrote:
> This is a feature request, in light of the "shattered" attack against
> SHA-1[1] published by Google.
> 
> A drop-in replacement for sha1 exists, based on the concept of
> counter-cryptanalysis[2].  This drop-in replacement can detect when the
> SHA-1 hash hits the weakened internal states used by the shattered
> attack.  Optionally, it can also negate the
> collision-resistance-weakening effect of the "shattered" attack.
> 
> This "hardened sha1" drop-in replacement is called sha1dc (for collision
> detection), and an implementation can be found at:
> 
> https://github.com/cr-marcstevens/sha1collisiondetection
> 
> The license for the sha1-dc library is MIT.   Other noteworthy users of
> sha1dc are the git scm, which will use it to _detect_ objects weakened
> for easier collisions, and refuse such objects.  This new version of git
> has not been released yet at the time I am writing this bug report, but
> the relevant patches are already in git's "pu" branch.
> 
> It would be nice if coreutils' sha1sum would use sha1dc, and report
> (either as a warning, or as an error) when an attempt at generating SHA1
> collisions is detected.
> 
> Note that this feature request is not for sha1sum to switch to the
> hardened "safe version" of sha1dc that defuses the collision attempts,
> but rather that sha1dc be used to detect and warn the user about the
> specially crafted input data that makes the "shattered" attack feasible.
> 
> I have no strong opinions on whether sha1sum should abort or just warn
> when an attempted collision is detected.  I also have no strong opinions
> whether it should use "safe mode" or not, as long as it *does* warn the
> user when an attempted collision is detected... only, I feel "safe mode"
> behavior should be optional (I have no strong opinions on whether it
> should be enabled by default or not).
> 
> [1] https://shattered.it/
> [2] http://eprint.iacr.org/2017/173/20170228:105224
> 

Interesting.

I agree the "safe version" is less interesting as one
can use sha3 or blake2 with the same length as sha1,
for about the same compatibility but greater protection.

As for detection, I suppose we should by default
enable this with sha1sum --check, because:
 - sha1sum should be as safe as possible by default
 - we don't care that much about sha1 perf since it's deprecated
 - false positive probability is smaller than 2^-90

I wonder is there similar analysis possible with md5sum?

As for licensing, we could probably integrate it as
we do already for src/blake2/

thanks,
Pádraig
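
Added example (not part of the thread and not coreutils code): the reply above notes that sha3 or blake2 can be used at SHA-1's length, so this sketch shows one `--check`-style verifier handling 40-hex-character manifests under SHA-1 and under two 160-bit alternatives. The function names and sample data are assumptions made for illustration, and SHAKE128 with 20 output bytes stands in for "sha3 at SHA-1 length".

```python
import hashlib
import hmac
import re

# 160-bit (40 hex chars) digests: SHA-1 plus two same-length alternatives.
# Assumption: SHAKE128 with 20 output bytes stands in for "sha3 at SHA-1
# length", since the fixed-length SHA-3 functions start at 224 bits.
ALGORITHMS = {
    "sha1": lambda data: hashlib.sha1(data).hexdigest(),
    "blake2b-160": lambda data: hashlib.blake2b(data, digest_size=20).hexdigest(),
    "shake128-160": lambda data: hashlib.shake_128(data).hexdigest(20),
}

# "<40 hex>  name" (text) or "<40 hex> *name" (binary), as written by sha1sum.
_LINE = re.compile(r"^([0-9a-fA-F]{40}) [ *](.+)$")


def make_manifest(files, algo):
    """Return sha1sum-style checksum lines for a {name: bytes} mapping."""
    digest = ALGORITHMS[algo]
    return "".join(f"{digest(data)}  {name}\n" for name, data in sorted(files.items()))


def check_manifest(manifest, files, algo):
    """Verify each manifest line; return {name: OK | FAILED | MISSING}."""
    digest = ALGORITHMS[algo]
    results = {}
    for lineno, line in enumerate(manifest.splitlines(), 1):
        match = _LINE.match(line)
        if match is None:
            # Wrong digest length or malformed line: report it, do not skip it.
            results[f"line {lineno}"] = "BAD LINE"
            continue
        expected, name = match.group(1).lower(), match.group(2)
        if name not in files:
            results[name] = "MISSING"
        elif hmac.compare_digest(digest(files[name]), expected):
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


# Constructed sample data, held in memory so the example runs offline.
SAMPLE_FILES = {
    "release.tar": b"constructed release payload\n",
    "NEWS": b"constructed release notes\n",
}

if __name__ == "__main__":
    tampered = dict(SAMPLE_FILES, NEWS=b"constructed release notes, modified\n")
    for algo in ALGORITHMS:
        manifest = make_manifest(SAMPLE_FILES, algo)
        print(algo, check_manifest(manifest, SAMPLE_FILES, algo))
        print(algo, "after tampering:", check_manifest(manifest, tampered, algo))
```

Because all three digests have the same length, a manifest written with one algorithm parses cleanly under another and then reports FAILED for every entry, so the algorithm has to be recorded alongside the manifest.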




Message received at control <at> debbugs.gnu.org:


To: control <at> debbugs.gnu.org
From: Assaf Gordon <assafgordon@HIDDEN>
Message-ID: <70f95fbf-d186-d607-8481-fc5720a80abd@HIDDEN>
Date: Sun, 28 Oct 2018 20:52:38 -0600

severity 25999 wishlist




Message sent to bug-coreutils@HIDDEN:


Subject: bug#25999: SHA1SUM: please switch to sha1dc to warn of attempted hash collision attacks
References: <1488813374.3833386.901979264.6597C9CC@HIDDEN>
In-Reply-To: <1488813374.3833386.901979264.6597C9CC@HIDDEN>
To: 25999 <at> debbugs.gnu.org
Message-ID: <78061500d1123b0d2a782f8661e602a50b613a17.camel@HIDDEN>
From: Christoph Anton Mitterer <calestyo@HIDDEN>
Date: Sun, 08 May 2022 22:19:21 +0200

Hey.

Is this still being considered?

Thanks,
Chris.




Message sent to bug-coreutils@HIDDEN:


Subject: bug#25999: SHA1SUM: please switch to sha1dc to warn of attempted hash collision attacks
To: Christoph Anton Mitterer <calestyo@HIDDEN>, 25999 <at> debbugs.gnu.org
Message-ID: <a3c8a3f3-9262-7811-8552-47c1b85cfccf@HIDDEN>
Date: Mon, 9 May 2022 14:16:53 +0100
References: <1488813374.3833386.901979264.6597C9CC@HIDDEN>
 <78061500d1123b0d2a782f8661e602a50b613a17.camel@HIDDEN>
From: Pádraig Brady <P@HIDDEN>
In-Reply-To: <78061500d1123b0d2a782f8661e602a50b613a17.camel@HIDDEN>

On 08/05/2022 21:19, Christoph Anton Mitterer wrote:
> Hey.
> 
> Is this still being considered?

Yes it still does make sense,
especially as sha1 becomes less popular over time,
in which case the extra processing would matter less.

thanks,
Pádraig






Last modified: Mon, 9 May 2022 13:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.