From a091af71fc8161427f8d9553042d0bc41507fff7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 24 Feb 2017 19:54:36 -0400 Subject: SHA1 collisions in key names was more exploitable than I thought Yesterday's SHA1 collision attack could be used to generate eg: SHA256-sfoo--whatever.good SHA256-sfoo--whatever.bad Such that they collide. A repository with the good one could have the bad one swapped in and signed commits would still verify. I've already mitigated this. --- CHANGELOG | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'CHANGELOG') diff --git a/CHANGELOG b/CHANGELOG index 9f3c22414..459937cfd 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -33,8 +33,9 @@ git-annex (6.20170215) UNRELEASED; urgency=medium to wget, since curl is able to display only errors to stderr, unlike wget. * status: Pass --ignore-submodules=when option on to git status. - * Tighten key parser to mitigate against hypothetical SHA1 chosen-prefix - attacks. This ensures that signed git commits of annexed files + * Tighten key parser to prevent SHA1 collision attacks generating + two keys that have the same SHA1. (Only done for keys that contain + a hash). This ensures that signed git commits of annexed files will remain secure, as long as git-annex is using a secure hashing backend. -- cgit v1.2.3
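Review bot: In the rewritten "Tighten key parser" entry, the parenthetical "(Only done for keys that contain a hash)" narrows the fix, but the sentence after it still says signed git commits of annexed files "will remain secure" without carrying that limit. Suggest folding the scope into the guarantee, for example "For keys that contain a hash, this ensures that signed git commits ...", so a reader does not take the guarantee as covering every key. The commit message describes the problem as a collision between two key names (the .good/.bad pair), while the entry only says "two keys that have the same SHA1"; adding that the collision is in the key name would let the CHANGELOG entry stand on its own.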