Git Hash Chain Malleability
7 hours ago
- #Hash Malleability
- #Cryptographic Vulnerabilities
- #Git Security
- Git commit signing does not guarantee unique and immutable identification, as attackers can produce distinct commits with identical trees, metadata, valid signatures, and 'Verified' badges without breaking SHA2 or accessing signing keys.
- Three malleation routes are demonstrated: algebraic inversion for ECDSA signatures, insertion of unhashed OpenPGP subpackets for RSA and EdDSA, and non-canonical DER length re-encoding inside CMS envelopes for S/MIME.
- These methods affect hash-based commit blocking, dependency pinning in systems like Nixpkgs and Go modules, and reproducible-build systems that rely on commit hashes as content-addressable keys, with proof-of-concept tooling provided.