Mika Hirvonen
Mika's posts

Post has shared content
According to Torvalds, the SHA-1 collision issue does require changes to git, but it's easy to detect and hard to cause any damage with.
I thought I'd write an update on git and SHA1, since the SHA1 collision attack was so prominently in the news.

Quick overview first, with more in-depth explanation below:

(1) First off - the sky isn't falling. There's a big difference between using a cryptographic hash for things like security signing, and using one for generating a "content identifier" for a content-addressable system like git.

(2) Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation.

(3) And finally, there's actually a reasonably straightforward transition to some other hash that won't break the world - or even old git repositories.

Anyway, that's the high-level overview, you can stop there unless you are interested in some more details (keyword: "some". If you want more, you should participate in the git mailing list discussions - I'm posting this for the casual git users that might just want to see some random comments).

Anyway, on to the "details":

(1) What's the difference between using a hash for security vs using a hash for object identifiers in source control management?

Both want to use cryptographic hashes, but they want to use them for different reasons.

A hash that is used for security is basically a statement of trust: and if you can fool somebody, you can make them trust you when they really shouldn't. The point of a cryptographic hash there is to basically be the source of trust, so in many ways the hash is supposed to fundamentally protect against people you cannot trust other ways. When such a hash is broken, the whole point of the hash basically goes away.

In contrast, in a project like git, the hash isn't used for "trust". I don't pull on people's trees because they have a hash of a4d442663580. Our trust is in people, and then we end up having lots of technology measures in place to secure the actual data.

The reason for using a cryptographic hash in a project like git is because it pretty much guarantees that there are no accidental clashes, and it's also a really really good error detection thing. Think of it like "parity on steroids": it's not able to correct for errors, but it's really really good at detecting corrupt data.

Other SCM's have used things like CRC's for error detection, although honestly the most common error handling method in most SCM's tends to be "tough luck, maybe your data is there, maybe it isn't, I don't care".

So in git, the hash is used for de-duplication and error detection, and the "cryptographic" nature is mainly because a cryptographic hash is really good at those things.

I say "mainly", because yes, in git we also end up using the SHA1 when we use "real" cryptography for signing the resulting trees, so the hash does end up being part of a certain chain of trust. So we do take advantage of some of the actual security features of a good cryptographic hash, and so breaking SHA1 does have real downsides for us.

Which gets us to ...

(2) Why is this particular attack fairly easy to mitigate against at least within the context of using SHA1 in git?

There's two parts to this one: one is simply that the attack is not a pre-image attack, but an identical-prefix collision attack. That, in turn, has two big effects on mitigation:

(a) the attacker can't just generate any random collision, but needs to be able to control and generate both the "good" (not really) and the "bad" object.

(b) you can actually detect the signs of the attack in both sides of the collision.

In particular, (a) means that it's really hard to hide the attack in data that is transparent. What do I mean by "transparent"? I mean that you actually see and react to all of the data, rather than having some "blob" of data that acts like a black box, and you only see the end results.

In the pdf examples, the pdf format acted as the "black box", and what you see is the printout which has only a very indirect relationship to the pdf encoding.

But if you use git for source control like in the kernel, the stuff you really care about is source code, which is very much a transparent medium. If somebody inserts random odd generated crud in the middle of your source code, you will absolutely notice.

Similarly, the git internal data structures are actually very transparent too, even if most users might not consider them so. There are places you could try to hide things in (in particular, things like commits that have a NUL character that ends printout in "git log"), but "git fsck" already warns about those kinds of shenanigans.

So fundamentally, if the data you primarily care about is that kind of transparent source code, the attack is pretty limited to begin with. You'll see the attack. It's not silently switching your data under from you.

"But I track pdf files in git, and I might not notice them being replaced under me?"

That's a very valid concern, and you'd want your SCM to help you even with that kind of opaque data where you might not see how people are doing odd things to it behind your back. Which is why the second part of mitigation is that (b): it's fairly trivial to detect the fingerprints of using this attack.

So we already have patches on the git mailing list which will detect when somebody has used this attack to bring down the cost of generating SHA1 collisions. They haven't been merged yet, but the good thing about those mitigation measures is that not everybody needs to even run them: if you host your project on something like or, it's already sufficient if the hosting place runs the checks every once in a while - you'll get notified if somebody poisoned your well.

And finally, the "yes, git will eventually transition away from SHA1". There's a plan, it doesn't look all that nasty, and you don't even have to convert your repository. There's a lot of details to this, and it will take time, but because of the issues above, it's not like this is a critical "it has to happen now thing".
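
The de-duplication and error-detection role described in point (1), as an added example that is not part of the shared post and is not git's own code: a toy content-addressable store that names blobs the way git does (SHA-1 over `blob <size>\0` plus the content). The `ObjectStore` class, `demo` function and sample content are constructed for illustration.

```python
import hashlib
import zlib


def git_blob_id(content: bytes) -> str:
    """Name git gives a blob: SHA-1 over the header 'blob <size>\\0' plus content."""
    return hashlib.sha1(b"blob %d\x00" % len(content) + content).hexdigest()


class ObjectStore:
    """Toy in-memory content-addressable store (hypothetical, not git's code)."""

    def __init__(self):
        self.objects = {}  # object id -> zlib-compressed header + content

    def put(self, content: bytes) -> str:
        oid = git_blob_id(content)
        # De-duplication: identical content always gets the same id, stored once.
        if oid not in self.objects:
            framed = b"blob %d\x00" % len(content) + content
            self.objects[oid] = zlib.compress(framed)
        return oid

    def get(self, oid: str) -> bytes:
        framed = zlib.decompress(self.objects[oid])
        # Error detection: re-hash on read; data that no longer matches its
        # own name is rejected instead of being returned silently.
        if hashlib.sha1(framed).hexdigest() != oid:
            raise ValueError(f"object {oid} failed its hash check")
        return framed.split(b"\x00", 1)[1]


def demo():
    store = ObjectStore()
    first = store.put(b"hello world\n")   # constructed sample content
    second = store.put(b"hello world\n")  # same bytes again
    intact = store.get(first)
    # Simulate disk corruption: flip one bit in the stored payload.
    framed = bytearray(zlib.decompress(store.objects[first]))
    framed[-2] ^= 0x01
    store.objects[first] = zlib.compress(bytes(framed))
    try:
        store.get(first)
        detected = False
    except ValueError:
        detected = True
    return first, first == second, len(store.objects), intact, detected


if __name__ == "__main__":
    print(demo())
```

The re-hash on read is the "parity on steroids" check: it flags the flipped bit but cannot repair it.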

Post has attachment
It's that time of the year again.

Post has attachment
With all of my weapons upgraded to +5, the titular drakes in the Valley of the Drakes started dying in a reasonable time. I've also grown pretty fond of the long bow, which proved to be pretty useful in the immediate future.

First, I cleared out the crystal giants in Darkroot Basin. Their pathing does leave a lot to be desired. If you hug the left side when you approach from the Darkroot Basin bonfire, the closest giant will fall off a ledge and can't seem to climb back up. That leaves it pretty vulnerable to ranged attacks. The others don't do that well either. I'm not sure whether the Hydra will actually aim at the giants, but it sure seemed to twoshot any giant still alive when I started approaching it.

At first I wasn't sure what to do with the Hydra. The water blasts were nearly fatal, and I couldn't make head or tails on whether the Hydra was properly aiming or just dousing the entire area at random. I eventually discovered that you could bait it to attack by lunging at you, which resulted in the heads getting stuck in the ground for a moment, leaving them wide open for attack. However, once there were just two heads remaining, I started having difficulties reaching them in time before they retracted. And apparently the titular basin is a cleverly disguised instant death pit, because the base of the Hydra was unreachable. So I had to plink the last few heads to death with the bow.

Next up was Blighttown. Because I had already found both entrances, I chose to use the one in the Valley of the Drakes, because it sure looked like the rear entrance. Dealing with the blowdart snipers and the flies in the dark, narrow and rickety platforms was harrowing, but I eventually made it all the way down to the bonfire.

I do have a few gripes, though. I get that the whole point of the place is to make you panic, overreact and fall when an unexpected enemy surprises you on a narrow platform. But it isn't always clear which platforms are usable and which aren't. I found a few places where the platform below was not far enough to even cause fall damage and even had enemies on it, but trying to drop down would still result in an instant death. Also, putting a water wheel that you can't step on next to one that you can use as a paternoster is just mean. Finally, the flies' AI doesn't work properly with floors. If you approach them from above like I did, they will try to attack you through the floor, and hitting them back is not as simple as it seems.

Still, I did get around 40k souls from the trip, and despite it usually being the norm, I didn't lose any souls due to dying again when corpserunning. So I bought the Crest of Artorias. Apparently the next thing I should do is to stab his pet wolf.

Post has attachment
Night in the Woods was released today.

Mae, a college dropout, returns home to a little town, reacquaints herself with her old friends and stumbles upon a severed arm.

I have no idea where the plot is going, but I do like the dry wit and the stylized graphics. Those big cat eyes can be really expressive.

My problem is that videogame logic tells me to interact with anything and everything and only progress the plot when all other options have been exhausted. And whenever I'm forced to do so, I'm tempted to save and quit the game. It's as if I'm afraid of enjoying it too quickly and not wringing out every little bit of entertainment out of it.

Post has attachment
The Bell Gargoyles is an interesting fight with three possible outcomes.

The first alternative is that you stab the first gargoyle in the tail, get yourself a new weapon and finish the fight so quickly that you forget to record it with Shadowplay.

Or you can get stunlocked by the flame breath from one gargoyle while the other mauls you to death.

Or the gargoyles zone you off the roof with their fire breaths.

Naturally, I experienced all three.


Post has attachment
The Gaping Dragon has one of the best intro cutscenes in any of the Dark Souls games. Sadly, the fight mechanics aren't that interesting.

I haven't gotten any Titanite Shards in a while, so I had to fight the Gaping Dragon with an un-upgraded spear. Just like with the Amygdala or the One Reborn, you can just place yourself near a rear limb and plink away. The dragon does have a selection of swipes, rushes, slams, temper tantrums and even an area-of-effect attack, but the fatal flaw is that it has no attacks that reach the hind leg. All it can do is to either take the hits or to fly up and attempt to slam down. But even the slam has a very generous wind-up time, so it's pretty easy to just back off a bit and then run back to the hind leg before the boss can attempt a swipe.

In Bloodborne, this issue was mostly solved by giving bosses attacks that start at the front and end in the opposite direction. Or extending regular swings so that they cover 270 degrees or more. Or just make the jumps faster and less predictable.

Post has attachment
I'm starting to appreciate the level design in Dark Souls.

After the initial hump of Undead Burg, the map is opening up. The glowing door in Darkroot Garden is still locked, but apparently it leads to the Artorias of the Abyss DLC, so I better leave it alone even if I farmed the souls for the key. Darkroot Garden also has a route to Darkroot Basin, which in turn leads back to.. Undead Burg. Huh. Apparently the door Havel the Rock was guarding can be avoided altogether. There was a hydra in the distance and some very WoW-esque crystal elementals, so I left them alone for now. I also found a lift to the Valley of the Drakes. My weapons only do around 10-20 damage per hit and the drakes have more than a thousand hitpoints. I could probably kill one, but they don't seem to be worth the trouble at this time.

So, I returned back to the Firelink Shrine. While the map layout strongly implies that you should go to Undead Burg first, there are other paths open straight from the beginning. One leads to a graveyard, where the skeletons with somewhat familiar move sets are way too fast to whittle down. And as usual, I don't have nearly enough DPS output to deal with them effectively. I'm starting to second-guess my choice of stat allocation. The bandit's knife and high dexterity simply don't seem to do enough damage if backstabbing is not an option.

The third path out of Firelink Shrine is an elevator that leads down to New Londo Ruins, a partially flooded city. The local undead aren't aggressive, but I don't know how to deal with the ghosts yet. New Londo also has a secondary path to.. Valley of the Drakes. It seems to be some kind of a hub level, because I also found an entrance to an area called Blighttown. Apparently it's a rear entrance, because the guards all faced the wrong way. They could be backstabbed, but I'm not sure I could take them down in anything crampier than the long corridor I found them in. So I didn't venture further.

Finally, I started trying out the doors in Undead Burg. And one of them actually opened. There was some kind of a dining area down there, and the meal of the day seemed to be a pyromancer. If weapons don't seem to do enough damage, maybe spells will?

The kitchen area had a very dark hidden path that dropped down to an extensive sewer area. The rats and the basilisks are pretty familiar enemies by now, and the slimes were not a surprise either. But apparently neither my knife nor the spear can reliably hit them. I really don't want to resort to the great axe that served me so well in Dark Souls 3. While I did have to clear a lot of the sewers with no estus flasks left, I did eventually find the bonfire of the area and a shortcut back up. I think I'll continue exploring there next time.

Post has attachment
The Moonlight Butterfly is pretty, but not at all fun to fight. Sure, it can select to use the fast spear attack over and over until you fail dodging it. But the most frustrating part is when it just flies around or switches sides over and over. Even if you know you already messed up, you'll just have to wait until the Butterfly allows you to do something. I guess I really have to have a spell or a bow as the secondary weapon.


Post has attachment
I killed the Capra Demon, although I'm not sure why. The combat "arena" was a very cramped room and the two regular dogs accompanying the demon were more troublesome than the boss itself. But the arena doesn't seem to lead anywhere. I did get a key, but I haven't found any place to use it yet.

Oh, and the way to the Capra Demon had two encounters with literal monster closets. The direct path to the Capra Demon from the Undead Burg bonfire goes through a narrow city street with locked doors. When you go past a certain point three doors around you open and you're ambushed by three parry-happy thieves. Twice.

I did find Andre the Blacksmith, and I can now reinforce weapons. Of course I had to buy the ability to do that at a bonfire, and I couldn't afford the armor equivalent. Past Andre was a Titanite demon, but I don't think I'm supposed to kill it yet. Its health bar doesn't even budge, and I cannot chain-backstab it like I did with Havel.

Past the Titanite demon was a seemingly serene forest with sleeping golem knights.. who also didn't seem to take any damage. But since they're very slow to wake up, I could just run past them. I have no idea what the floating white circle sprites are, but I kept my distance from them just in case. The tree guys were killable, but even those take about twelve hits from the knife. I guess the "every weapon is viable when upgraded" design guideline isn't in effect yet?

And behind all that was the next boss, Moonlight Butterfly. So far the boss design hasn't impressed me, and the Moonlight Butterfly is annoying in a completely different way than the Capra Demon. The arena is a very narrow bridge, and the boss keeps hovering around it, safely beyond melee range. Arrows seem to do even less damage than my knife, but apparently the boss allows itself to be beaten by landing next to the bridge for a moment. The main difficulty seems to be that the closest bonfire is hidden behind an illusionary wall.

Oh, and I wouldn't have found it if the player-made messages hadn't suddenly started working after killing the Capra Demon. Is everything an upgrade?

Gore Verbinski's A Cure for Wellness was excellent.

The CEO of a major financial company has gone AWOL on the eve of a big merger. According to his letter, he grew disgusted with his current lifestyle and checked himself into a treatment center frequented by the rich and the powerful, away from the stress of the world. And because his trusted top salesman just worked himself to death, he may have a point. But the big wheels cannot be stopped, so the board of directors has no choice but to send an up-and-coming broker to get him back, by hook or by crook.

While the Swiss staff of the resort might be a bit too uptight, the residents seem friendly enough, so the broker decides to return to the guest house until the CEO is available to see him. But an unfortunate collision with a deer turns him from a visitor into a patient.

The movie gives away the main secret very early on, but the declining state of the protagonist keeps the audience guessing how the whole thing will play out. He is unquestionably suffering from delusions, but on the other hand sanity is not the best tool to decipher the complete truth about the facility. Still, proving to everyone that he actually needs treatment will only make him experience firsthand what the titular cure is all about.

Oh, and the movie saves the best for last. Watch all the way to the last second.