
LINUX IS INSECURE ACCORDING TO WIKILEAKS


Thread replies: 146
Thread images: 19

File: wedding.jpg (63KB, 640x640px)
Why are so many people still shilling it?

>LINUX FOUNDER Linus Torvalds was warned in 2005 that the use of the SHA-1 hash to sign code in Linux and Git was insecure and urged to shift to something better protected, but rejected the advice outright.

>Free software evangelist John Gilmore warned Torvalds ten years ago that "SHA1 has been broken; it's possible to generate two different blobs that hash to the same SHA1 hash".

>Torvalds' point of view hasn't changed, and in an email sent over the weekend he reiterated his lack of concern.

http://www.theinquirer.net/inquirer/news/3005412/linus-torvalds-shrugged-off-warnings-about-insecure-sha-1-in-2005
>>
>>59337705

>"Quite frankly, it's not worth worrying about. It's a hell of a lot easier to just break a source archive with other means (ie, pay a developer ten million dollars to just insert the back door you want inserted)," he concluded.

>Linus Torvald is this retarded

holy shit
>>
brb switching to Mercurial
>>
Read about it already. I'm with Linus.
>>
>>59337724
>pay a developer ten million dollars to just insert the back door you want inserted)
How does this compare to the cost of creating and deploying malicious collisions? Btw, this affects SVN too.
>>
They're working to replace SHA1; they're just not too worried at the moment because to make a collision you have to append garbage data to the files and it's hard as fuck to do that discreetly on source files that are viewed in text editors.
>>
TempleOS is the ONLY secure OS now.
>>
Sounds like me and Linux have a lot in common!!
>>
Why are there no threads regarding Vault 7 leaks? This is a technology board after all.. or is it applel vs android vs nvidiots vs amdrones board now?
>>
>>59337705
you know what's insecure? your mom's asshole
>>
>>59338234
Good post
>>
>>59338233
>Why isn't there already a thread about something I want to discuss?
> Lets make my own thread
> Naw, lets just shit up another thread, that'll make things better
>>
File: 4494showing.jpg (49KB, 520x412px)
This is your last chance. After this, there is no turning back. You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes.
>>
>>59338266
Because this thread is shit
>>
>>59338233
lurk moar, retard
>>
>>59337724
What a tard.
It's over, Torvalds is finnish.
>>
everything that has ever been connected to the internet is unsafe, mongoloid, gnu/linux is just safer overall and the OS is not voluntarily spying on you and gathering your data, unlike apple and microsoft. Also it still is much better OS than win or mac
>>
>>59337705
Only webkit devs are idiot enough to merge two binary files.
>>
Why not just use SHA512? Is it hard or something?
>>
>>59337705
dem good trap.
>OP IS INSECURE ACCORDING TO HIS BULLSHIT
>>
>>59337705
anon@cottenpicker~$ sh /this/isnt/new/knowledge/faggot.sh
>>
>>59338200
Underrated post.
>>
>>59337705
why are we not talking about the fact that that hot chick is a man baby
>>
Not gonna lie, former Linus supporter here. It's been hilarious watching this guy crash and burn. But in all seriousness, we can't let him control the kernel development any longer.
>>
>>59338898
t. SJW psyops
>>
You are not ever going to make a meaningful attack against a source repo via a hash collision.
>>
>>59338197

it costs less than 10 million to crack SHA1 and either way using money in any security related arguments is pretty dumb since money doesn't matter when state actors are involved.
>>
>>59339043
It's not about "cracking" it. It's about covertly replacing one file in a git repo with another file that has that same hash. Git won't know they're different. The problem is how do you make a file with the same hash that actually contains something you want it to. Protip, you can't, and this is why Linus doesn't care.
>>
Linus isn't a security expert; he's an engineer. He just wants to get shit working for him. A blessing and a curse for the rest of us.
>>
It's being used as a glorified checksum, is it not? You still can't push changes without having them approved. SHA1 is worthless for encryption purposes. This much is true.
>>
>I haven't seen the attack yet, but git doesn't actually just hash the data, it does prepend a type/length field to it. That usually tends to make collision attacks much harder, because you either have to make the resulting size the same too, or you have to be able to also edit the size field in the header.

>pdf's don't have that issue, they have a fixed header and you can fairly arbitrarily add silent data to the middle that just doesn't get shown.

>So pdf's make for a much better attack vector, exactly because they are a fairly opaque data format. Git has opaque data in some places (we hide things in commit objects intentionally, for example, but by definition that opaque data is fairly secondary.

>Put another way: I doubt the sky is falling for git as a source control management tool. Do we want to migrate to another hash? Yes. Is it "game over" for SHA1 like people want to say? Probably not.

https://marc.info/?l=git&m=148787047422954&w=2
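
The type/length header described in the quoted mail, as an added example that is not part of the original post and is not git's own code: it computes object ids the way git does and shows that growing a file's body either leaves a stale size field or changes the id. The helper names (`git_object_id`, `check_object`, `demo`) and the sample C file are constructed for illustration.

```python
import hashlib


def git_object_id(obj_type: str, body: bytes, algo: str = "sha1") -> str:
    # git hashes "<type> <decimal size>" + NUL + body, not the bare file bytes.
    header = f"{obj_type} {len(body)}".encode("ascii") + b"\x00"
    return hashlib.new(algo, header + body).hexdigest()


def check_object(raw: bytes, expected_id: str, algo: str = "sha1") -> str:
    # Validate a decompressed object (header + body) against the id it is
    # supposed to have. Returns a short status string.
    header, nul, body = raw.partition(b"\x00")
    obj_type, space, size = header.partition(b" ")
    if not nul or not space or not size.isdigit():
        return "malformed-header"
    if int(size) != len(body):
        # Body was padded or truncated without touching the size field.
        return "size-mismatch"
    if hashlib.new(algo, raw).hexdigest() != expected_id:
        # Size field is consistent, but the hashed bytes are different.
        return "id-mismatch"
    return "ok"


def demo() -> dict:
    src = b"int main(void) { return 0; }\n"   # constructed sample file
    padded = src + b"/* filler */\n"            # same file with appended data
    oid = git_object_id("blob", src)
    return {
        # The id git stores is not the SHA-1 of the file on disk, so a
        # collision computed over raw file bytes does not carry over as-is.
        "plain_sha1": hashlib.sha1(src).hexdigest(),
        "blob_id": oid,
        "intact": check_object(b"blob %d\x00" % len(src) + src, oid),
        # Appended data with the old size field: caught before hashing.
        "stale_header": check_object(b"blob %d\x00" % len(src) + padded, oid),
        # Appended data with a corrected size field: the header bytes changed,
        # so the hash input changed from its first block onward.
        "updated_header": check_object(b"blob %d\x00" % len(padded) + padded, oid),
        # Same header scheme hashed with SHA-256 instead of SHA-1.
        "sha256_id": git_object_id("blob", src, "sha256"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15} {value}")
```
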
>>
File: git.png (324KB, 1383x1050px)
>>59338659
>>59337724
you guys are too much.
>>
>>59337705
wtf that's really a tranny damn
>>
>>59339500
Can you explain what your pic means?
>>
>>59338202
>ring-0
>>
>>59339614
>no network stack
Fuck off CIA nigger.
>>
>>59338202
this

there is absolute no mention of TempleOS in the vault7 leaks
>>
>>59339627
Only FBI could care about him.

>>59339639
Use DOS.
>>
>>59338335
>You take the red pill - you stay in Wonderland and I show you a sea of nigger cattle in the rabbit-hole.
>>
>>59337705
who is that shitskin in the background
>>
>>59339683
Random faggot.
>>
>>59339576

whoah
>>
>>59339699
what if they're really married? wew

>>59339719
science has gone too ___
>>
>>59339719

Hands off, she belongs to Pajeet
>>
File: allyrose 3.jpg (34KB, 480x480px)
>>59339730
>science has gone too ___

boneriffic
>>
>>59339759
No anymore.
>>
>>59339759
>she
>>
>>59339772
i donno mane, i'd be pretty afraid of putting my dick into a mutilated ballsack

but everything else is OK

>>59339787
why? did they break up?
>>
>>59339825

He's bullshitting
>>
>>59339910
is that a pajeet or an abu hajaar
>>
>>59339972

Indian programmer
>>
>>59340433
how do you know
>>
>>59339910
It's on her site. Her boipucci is now free.
>>
>>59338659
Well, yeah.
>>
>>59337705
ctrl-f
no wikileaks
the article is about git and source code
>>
>>59340815

It's related to the Wikileaks releases
>>
>>59338234
BAM
>>
>>59337705
wtf i hate linux now

i am now a #WindowsWarrior
>>
>>59338846
Is there any logical reason why you would fucking say that post is underrated? Has anybody expressed any kind of dissatisfaction or criticism at all against it? Are you delusional? Are you reading replies that are nonexistant? Maybe you come from communities with voting systems, but there is literally no way that you could know what other people think of that post you just replied to here. Maybe it's psychological. Maybe it's your own post you're replying to, like a 12 year old fucktard liking his own facebook posts thinking his swelling autism is going unnoticed. Maybe your self esteem depends on you tricking yourself into thinking someone out there thinks your post is worth something. Or maybe you are just a retard, the worst kind of retard, the one who thinks he's smart, the one who thinks he's the only one to have gotten the joke, to have understood the post. Well, guess what, faggot, that post is under no definition underrated so why don't you do the world a favor and go check out what the bottom of your toilet smells like?
>>
>>59340970

#windowsinsider
>>
>>59339602
It means you need to git the fuck out now.
>>
>>59339759
Pajeets are natures rejects so it makes sense.
>>
>>59340970
Welcome to the team!
>>
>>59337705
sha1 collision was recent, op is a fag and a systemd user.

I know as *he's my boy pussy.
>>
File: 1459514914123.png (1MB, 817x763px)
>>59338888
This. Also checked.

>>59339759
>>59340575
>she
>her
>>
>>59341124
Pajeets are actually natures sweetest nectar.
>>
>>59341189
10 Rupees have been deposited in your account Hijab. Keep up the good work.
>>
>>59338197
Look at bitcoin, it's been subverted by bribing developers. And so what you might get a collision but what are the chances you can change a whole release, you would have to have back end access to the git repo. And that's assuming people aren't going to see it when they download and build from source.
>>
>>59337705
>sha-1 and linux are literally the same thing

fuck off shill
>>
>>59340994
>Underrated can only mean it doesn't have any criticism.
Maybe the guy thinks it deserves more positive feedback.
>>
>>59338200
Because the attack is a close hash attack there are layers of possible defense.

First of all the garbage must be inserted before an actual timely swapping of the file, and this garbage must be signed off on (since it must be a legit change) to produce the bad (close pack) hash.

The close hash areas are known. They can be simply denied by a checker in the program. So CIA would try to insert the garbage and all these big red warnings would come up pointing to the garbage and how it created a close hash.

This is even before the substitution operation that would allow for an actual code insertion, where altered code with the same bad hash number is inserted.

This is one of those "OH NOES so bad security look what I found" when really it's nothing just poor Linuxtard developer crying for attention.
>>
>>59337705
>tfw import more third world sub 60IQ Somalian Muslims.
>>
>>59339243
>Protip, you can't, and this is why Linus doesn't care
the flame virus used an md5 collision attack to be detected as a whitelisted program by virus scanners.

I'm not sure about SHA1, but it's probably possible with it too.
>>
>>59337724
He's not retarded, he's just a shill.
>>
>>59338697
>pretending it's hopeless
These leaks reveal that some platforms are more secure than others, for example there were tons of Windows attacks but relatively few Unix attacks.
>>
File: 1484595501838.jpg (5KB, 250x250px)
>>59337724
>pay a developer ten million dollars to just insert the back door you want inserted)," he concluded.

WHAT IF THEY GOT TO HIM!?
>>
>>59341540
That's md5 which is a much weaker hash, and there's plenty of room to hide garbage for hash collisions inside an executable file. Git inserts metadata that affects the hash, which makes collisions much much harder. And the SHA-1 collision published by Google made two identical .pdf files, which are files that have a LOT of room to put garbage data to cause collisions in. Making say, two C source files with the same hash, without one being very obviously corrupted, is a much different story.
>>
>>59341540
That virus was apparently fuckhuge though. They probably just kept appending data to it until they found something that worked. That wouldn't really work here when the source code of the files is in plain view. The devs would also notice if one file suddenly grew like 1000% with one commit
>>
>>59338197
Costs $2500 to perform a collision. $2000 is a fixed cost and $500 is the average cost per collision.
>>
>>59338200
That's inaccurate. The point is not to get a backdoor accepted, it's to get a user to download the malicious code without being able to notice that it is actually a compromised version, as they wouldn't run git diff HEAD~2 HEAD~1 or whatever. Note also that the payload can be inserted anywhere in the history which makes it even harder to find out. This type of attack would be deployed not against devs but rather against automated build systems.
>>
File: tumblr_ob1lrwD2sn1sg0sjoo1_500.jpg (100KB, 500x667px)
>>59341941

yes
>>
>>59342027
>Making say, two C source files with the same hash, without one being very obviously corrupted, is a much different story
couldn't you just stick an enormous comment in the middle of the C file?

I suppose the things that would have to occur to sneak something like that into a git repo would be near impossible though.
>>
File: 1486866780183.jpg (130KB, 600x620px)
>>59342179
>pulling numbers out of your ass
>>
>>59342364
Suffice it to say that those were not pulled out of my ass.
>>
File: Screenshot_142.png (936KB, 644x644px)
>>59342388
>>
>>59342198
Did you read SHAttered? It's hard to do in any context where length is a known quantity. PDF is an ugly format which doesn't have that encoded early so you can fuck with shit.
Perhaps NSA have developed it further, we have to assume so, but come on now... it's git... "security journalists" are bottom barrel scum who love to mislead, kill em all.
>>
>>59342199
So does this "Ally" still have the penis or not? I need to know.
>>
This kills the erection
>>
>>59337705
>shilling free software
what
>>
>>59338775
>Why not just use SHA512?

I don't understand this either.

My 6 year old CPU can run sha512sum at 272MB/s. It can run sha1sum at 502MB/s. That's 3.7s and 2s for a 1GB file. The tar I have containing the source code for linux is 90MB.

Why use sha1? Hell why even use sha256? Sure 256 hasn't been broken yet but why not go with it? How is the 120ms saved an issue?

Also I have no idea why but sha256sum runs slower than 512 on my computer. What's going on there? I'm running it on 1GB of random data in a ramfs mount.
>>
>>59340994
>>>59338846
>Is there any logical reason why you would fucking say that post is underrated? Has anybody expressed any kind of dissatisfaction or criticism at all against it? Are you delusional? Are you reading replies that are nonexistant? Maybe you come from communities with voting systems, but there is literally no way that you could know what other people think of that post you just replied to here. Maybe it's psychological. Maybe it's your own post you're replying to, like a 12 year old fucktard liking his own facebook posts thinking his swelling autism is going unnoticed. Maybe your self esteem depends on you tricking yourself into thinking someone out there thinks your post is worth something. Or maybe you are just a retard, the worst kind of retard, the one who thinks he's smart, the one who thinks he's the only one to have gotten the joke, to have understood the post. Well, guess what, faggot, that post is under no definition underrated so why don't you do the world a favor and go check out what the bottom of your toilet smells like?
Is this a new pasta
>>
Aight. It was good knowing y'all.

dd if=/dev/zero of=/dev/hda bs=666
>>
>>59342566
>Also I have no idea why but sha256sum runs slower than 512 on my computer
I don't know the details of each algorithm, but speed is not proportional to hash size
>>
>>59342727
>2017
>/dev/hda
>>
>>59342566
>Also I have no idea why but sha256sum runs slower than 512 on my computer. What's going on there?
I don't know but it sounds like it's worth investigating.
>>
>>59340994
saved to my pasta folder
>>
>>59340994
>that post is under no definition underrated
what did the faggot mean by this?
>>
anything connected to external networks is insecure
>>
>>59342388
It's not sufficient for you to merely say it.
>>
>>59338234
this
>>
>>59338621
lol
>>
>Do we want to migrate to another hash? Yes.
clickbait supreme
sageru bait chan
>>
>>59340994
Is there any logical reason why you would fucking say that post is bad? Has anybody expressed any kind of dissatisfaction or criticism at all against it? Are you delusional? Are you reading replies that are nonexistant? Maybe you come from communities with voting systems, but there is literally no way that you could know what other people think of that post you just replied to here. Maybe it's psychological. Maybe it's your own post you're replying to, like a 12 year old fucktard liking his own facebook posts thinking his swelling autism is going unnoticed. Maybe your self esteem depends on you tricking yourself into thinking someone out there thinks your post is worth something. Or maybe you are just a retard, the worst kind of retard, the one who thinks he's smart, the one who thinks he's the only one to have gotten the joke, to have understood the post. Well, guess what, faggot, that post is under no definition bad so why don't you do the world a favor and go check out what the bottom of your toilet smells like?
>>
>>59337705
I bet you think that running Windows makes you more secure.

Why am I replying to this shitty thread? It's just another shitpost, using a female to get attention. Sad really, this appears to be a trend now among OPs -- Can't make a good thread? just attach a woman, that will get me my attention!

103 replies to a quote that has nothing at all to do with WL, NOTHING. It's about Git commits, and Torvalds has good justification for using SHA1.

If you think GNU/Linux is insecure, audit it, or, use something else. It's not secure, it's all in how you use it.
>>
When the facts change his opinion changes.
What do you do?
>>
I'm surprised more of you don't run OpenSUSE since it is based off SUSE which is owned by Microfocus, a company that specialises in security and enterprise tech/software, and OpenSUSE has one of the most competent dev teams.

Never actually used it myself, just a thought
>>
>>59337705

it costs $100,000US to generate a collision and it's cheaper to bribe a dev to insert a backdoor OR to try to find your own, but why would you knowingly let this vulnerability persist for over a decade when the cost of implementing the fix is so low? i think it's dumb to stick with something that you know is breakable and leave an obvious attack vector open even if the vector is expensive. linux powers stuff worth way more than $100,000US.
>>
>>59344436
>it costs $100,000US to generate a collision
see
>>59342364
>>
>>59337705
>that's a man

What the fuck? Is this just some amazing makeup? This fucking guy looks more feminine than most girls.
>>
>>59339500
it's a compilation of advanced commands for 'git'

as far as we know, git is some kind of advanced game created for the amusement of highly intelligent beings
>>
>>59344534
Read the shattered paper.

>The monetary cost of computing the second block of the attack by renting Amazon instances can be estimated from these various data. Using a p2.16xlarge instance, featuring 16 K80 GPUs and nominally costing US$ 14.4 per hour would cost US$ 560 K for the necessary 71 device years.
>It would be more economical for a patient attacker to wait for low “spot prices” of the smaller g2.8xlarge instances, which feature four K520 GPUs, roughly equivalent to a K40 or a GTX 970. Assuming thusly an effort of 100 device years, and a typical spot price of US$ 0.5 per hour, the overall cost would be of US$ 110 K.
>>
>wake up
>update this post
>that qt trap is buried in between in all these ganoo/loonix fag posts

REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE GET OUT GET OUT
>>
>>59337724
>>59337705
/g/ is the most delusional bunch of fucking retards on the internet. Linus realizes nobody checks SHA-1 hashes anyways, and the CIA would be fucking retarded to inject something into the linux kernel which far too many billion dollar companies are invested in.
>>
>>59344599
No shame anon
>>
>>59345514
>CIA would be fucking retarded to do something they've already done
You're a special kind of retard, anon.
>>
>>59345514
>the CIA would be fucking retarded to inject something into the linux kernel which far too many billion dollar companies are invested in
>implying these companies and the CIA are not all cozy and haven't been all along
>>
>>59345523
can i [spoiler]fuck[/spoiler] her
>>
>>59337705
https://bugs.webkit.org/show_bug.cgi?id=168774#c27
>Webkit just killed their SVN repository by trying to commit a SHA-1 collision attack sensitivity unit test.

APPLE IS FINISHED
>>
>>59345808
first of all it's a he
>>
>>59345850
if it's a he that would make me a homo and i ain't having that
>>
>>59339500
git gud
>>
Why are his eyeballs so huge
>>
>>59345910
because he writes enterprise quality fizzbuzz all day
>>
>>59337705
Wait, hold up.

If she's a trap, and that guy's a muslim...

was she thrown off a rooftop?
>>
>>59346002
he's a pajeet
>>
>>59346060
this
>>59346002
>not knowing that trannies are standard fare at every good Hindu family's wedding
>not knowing that trannies are believed to have mystical powers in pooland

i wish i was making this shit up

https://www.youtube.com/watch?v=_peUxE_BKcU
>>
>>59346183
not every wedding, just five states in south india
>>
>>59346195
i know i'm not a bihari
>>
>>59346216
where u from bro
>>
>>59342340
Comments are removed when compiling. So you'd have the same result file, thus the same hash. Unless you actually compile yourself, but this is an equivalent of downloading a malware and executing it. And there's no protecting users from their stupidity. What you could do is add an unused function and keep altering it until you get the same hash as the original. You also have to worry about having the same filesize as the original, and giving it at least a very similar functionality to the original. This isn't really an easy task.
>>
>>59346221
wisconsin
>>
>>59338202
Is TempleOS, dare I say, our OS?
>>
File: 1489014314059.jpg (126KB, 1040x432px)
>>59346283
>a challenger appears
http://9front.org/propaganda/
>>
>>59337705
Git is """""""insecure"""""""" -> Linux is insecure.

Nice induction there Mr. Logicsman
>>
>>59346305
Wtf I hate Terry now!
>>
>>59346221
r u a hot brown boy like me
>>
>>59346282
are you indian too?
>>
>>59346338
nah i'm white but i had indian neighbors growing up

you guys are cool but damn, if you know what i'm saying
>>
>>59346385
yeah, i know. that's just the way it is
>>
>>59346385
Once my Indian neighbor said to me, "I'm a better man than you are."
I said that I never said he wasn't but asked why he thought he was.
He said, "I haven't got any Indians living next door to me."
>>
>>59346524
lol
>>
>>59346385
It's disgusting watching them shit on their lawn everyday.
>>
File: Screenshot_20170311-115553.png (907KB, 1080x1920px)
>>59338802
>>
>>59346564
cute
>>
>>59346524
That's the old husband and wife joke.
Hubby claims to be smarter because he married the wife while she is stuck with him.
>>
>>59347074
I stole it from this guy:

https://www.youtube.com/watch?v=NTMylmTuHCk