{"id":812,"date":"2019-01-26T11:24:11","date_gmt":"2019-01-26T10:24:11","guid":{"rendered":"https:\/\/blogs.gentoo.org\/mgorny\/?p=812"},"modified":"2019-01-26T11:25:19","modified_gmt":"2019-01-26T10:25:19","slug":"attack-on-git-signature-verification-via-crafting-multiple-signatures","status":"publish","type":"post","link":"https:\/\/blogs.gentoo.org\/mgorny\/2019\/01\/26\/attack-on-git-signature-verification-via-crafting-multiple-signatures\/","title":{"rendered":"Attack on git signature verification via crafting multiple signatures"},"content":{"rendered":"<p>This article shortly explains the historical git weakness regarding handling commits with multiple OpenPGP signatures in git older than v2.20.  The method of creating such commits is presented, and the results of using them are described and\u00a0analyzed.<\/p>\n<p><a rel='external' href='https:\/\/dev.gentoo.org\/~mgorny\/articles\/attack-on-git-signature-verification.html'>Continue reading<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article shortly explains the historical git weakness regarding handling commits with multiple OpenPGP signatures in git older than v2.20. The method of creating such commits is presented, and the results of using them are described and\u00a0analyzed. Continue reading<\/p>\n","protected":false},"author":137,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[10],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts\/812"}],"collection":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/users\/137"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/comments?post=812"}],"version-history":[{"count":1,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts\/812\/revisions"}],"predecessor-version":[{"id":813,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/posts\/812\/revisions\/813"}],"wp:attachment":[{"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/media?parent=812"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/categories?post=812"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/mgorny\/wp-json\/wp\/v2\/tags?post=812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}