« All posts

Researchers Uncover Git Hash Chain Malleability in Signed Commits

New research shows signed Git commit hashes can be altered while keeping a valid signature and GitHub's Verified badge, undermining commit integrity assumptions.

A new security paper challenges a long-held assumption behind Git commit signing: that a commit's hash uniquely and immutably identifies its signed content. The researchers demonstrate that an attacker who lacks the signing key—and does not break SHA2—can still produce a second, distinct commit sharing the same tree and metadata, carrying a valid signature, and earning a 'Verified' badge on forges like GitHub. Only the commit hash differs, but that change cascades through every dependent commit hash downstream, a phenomenon the authors term 'hash chain malleability.'

The paper documents three concrete malleation techniques: algebraic inversion (s -> n-s) affecting ECDSA signatures, structural insertion of an unhashed OpenPGP subpacket (RFC4880 5.2.3) affecting RSA and EdDSA, and non-canonical DER length re-encoding (X.690 10.1) inside the CMS envelope for S/MIME. Notably, the algebraic inversion and subpacket insertion methods both pass local verification via git verify-commit, and all three approaches yield a persistent, independently verifiable 'Verified' record on GitHub.

The implications extend well beyond theory: hash-based commit blocking, dependency-pinning systems such as Nixpkgs, Go modules, and GitHub Actions, and reproducible-build pipelines that treat commit hashes as content-addressable primary keys are all potentially affected. The authors release proof-of-concept tooling automating all three attack routes, giving engineers a concrete reason to reassess supply-chain security assumptions built around commit hash immutability.