Nlnet funding for transitioning out of SHA-1

Raphaël Gomès raphael.gomes at octobus.net
Wed Jan 15 16:53:06 UTC 2020


Hello all,

As you all know, we have to transition out of using SHA-1 for Mercurial 
(https://www.mercurial-scm.org/wiki/SHA1TransitionPlan). While a known 
mitigation has been introduced by a few of Augie's patches, we still 
have to act on that transition.

The Nlnet foundation has a program (https://nlnet.nl/PET/) for 
sponsoring privacy and trust enhancing technologies, category which this 
aspect of Mercurial falls into. Someone whose identity remains unclear 
came to the #mercurial IRC channel to tell us to send a submission.

The latest "sha-mbles" attack is the stingy reminder that we need to 
take care of this before it is too late. Getting explicit funding is a 
great way to move forward and ensure Mercurial does not become a 
security liability in the near future.

The deadline for submission is Feb 1st, so we have to move fast.

The NLnet process is fairly light. Here are the things that we need 
think about as a community for this submission:
     - Project abstract (1200 chars)
     - The requested amount ranging from 5k to 50k€ (with details on how 
it is going to be spent).
     - Comparison with other efforts (probably a comparison with what 
git did)
     - Explanation of the technical challenges. Probably a mix of:
         - Mercurial is a 15 year old code base with strong 
compatibility guarantees
         - A smooth but secure transition is going to be hard

The first step here is to sketch a high-level plan of the steps we need 
to take to transition out of SHA-1. The actual details (which algorithm, 
rehashing/compatibility, etc) can be dealt with while the work is 
actually being done.

Right now I can see the following high level steps

     - Update the core code to be able to deal with multiple hashing 
functions
     - Update the network protocol to deal with multiple hashing functions
     - Update the on-disk format to deal with larger hashes
     - How to deal with backwards and forwards compatibility with 
regards to both repositories and client/server (wire protocol changes, etc.)
     - How changing hashing functions impacts the user experience (from 
additional steps to UI getting broken)
     - Help extensions to migrate if need be
     - Actually select a new hash function

Am I missing anything? How do you all feel about this?

Thanks,
Raphaël



More information about the Mercurial-devel mailing list