Maniphest T12464

Move away from SHA1 in Files
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	epriestley
	Mar 29 2017, 7:06 AM

Tags

Referenced Files

None

Subscribers

Tokens

"Y So Serious" token, awarded by chad.

Description

Files use plain SHA1 hashes in some cases, and an attack in this form may be possible in some situations now that a SHA1 collision is well-known:

Construct evil.exe and good.exe, which have the same SHA1 checksum.
Upload evil.exe first.
Give another user good.exe and convince them to upload it. Then, convince them to download it and execute it.
If the stars align, they may be served the file data for evil.exe instead of the data for good.exe.

I believe there are a lot of other intermediate issues and (3) is probably pretty suspicious in most situations, but we should move to a stronger hash in the next iteration on Files.

Revisions and Commits

rARC Arcanist
	D17622	rARCa59cfca5f190 Upgrade "arc upload" to use SHA256
	D17621	rARCc4e84550fcd3 Allow "arc upload" to work correctly if it can not hash content
rP Phabricator
	D17620	rP58011a4e8e7f Upgrade File content hashing to SHA256
	D17619	rP440ef5b7a7e4 Remove SHA1 file content hashing and make Files work without any hashing
	D17618	rP1e181f0781ca Deprecate "file.uploadhash"
	D17617	rP873b39be8211 Remove PhabricatorFile::buildFromFileDataOrHash()

Related Objects

Mentioned In: T12515: Upgrading: File Integrity Hashing and SHA1

Event Timeline

epriestley created this task.Mar 29 2017, 7:06 AM

Herald added a subscriber: eadler. · View Herald TranscriptMar 29 2017, 7:06 AM

epriestley moved this task from Backlog to vNext on the Files board.Mar 29 2017, 7:06 AM

epriestley added a revision: D17617: Remove PhabricatorFile::buildFromFileDataOrHash().Apr 4 2017, 9:32 PM

epriestley added a revision: D17618: Deprecate "file.uploadhash".Apr 4 2017, 9:40 PM

epriestley added a revision: D17619: Remove SHA1 file content hashing and make Files work without any hashing.Apr 4 2017, 10:24 PM

chad awarded a token.Apr 4 2017, 10:25 PM

epriestley updated the task description. (Show Details)Apr 4 2017, 10:34 PM

epriestley added a revision: D17620: Upgrade File content hashing to SHA256.Apr 4 2017, 10:38 PM

epriestley added a revision: D17621: Allow "arc upload" to work correctly if it can not hash content.Apr 4 2017, 10:48 PM

epriestley added a revision: D17622: Upgrade "arc upload" to use SHA256.Apr 4 2017, 10:54 PM

epriestley added a commit: rP873b39be8211: Remove PhabricatorFile::buildFromFileDataOrHash().Apr 4 2017, 11:18 PM

epriestley added a commit: rP1e181f0781ca: Deprecate "file.uploadhash".

epriestley added a commit: rP440ef5b7a7e4: Remove SHA1 file content hashing and make Files work without any hashing.Apr 4 2017, 11:22 PM

epriestley added a commit: rP58011a4e8e7f: Upgrade File content hashing to SHA256.

epriestley added a commit: rARCc4e84550fcd3: Allow "arc upload" to work correctly if it can not hash content.Apr 4 2017, 11:24 PM

epriestley closed this task as Resolved by committing rARCa59cfca5f190: Upgrade "arc upload" to use SHA256.Apr 4 2017, 11:56 PM

epriestley added a commit: rARCa59cfca5f190: Upgrade "arc upload" to use SHA256.

epriestley mentioned this in T12515: Upgrading: File Integrity Hashing and SHA1.Apr 6 2017, 11:24 PM