All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Git Commit Hash Malleability: Attackers Can Forge Verified Signatures Without Access to Signing Keys

By

[Submitted on 2 Jul 2026]

4h ago· 2 min readenInsight

Summary

This paper demonstrates a critical vulnerability in Git commit signing: an attacker can produce a second, distinct commit with identical tree, metadata, and a valid signature (including a "Verified" badge on GitHub) that differs only in its commit hash, without access to the signing key or breaking SHA2. The authors identify three malleation routes: algebraic inversion for ECDSA, structural insertion of unhashed OpenPGP subpackets for RSA/EdDSA, and non-canonical DER length re-encoding for S/MIME. They discuss consequences for hash-based commit blocking, dependency pinning (Nixpkgs, Go modules, GitHub Actions), and reproducible-build systems that treat commit hashes as content-addressable primary keys.

Source

Hacker NewsGit Commit Hash Malleability: Attackers Can Forge Verified Signatures Without Access to Signing Keysarxiv.org

Key quotes

· 5 pulled
We show this invariant does not hold.
Given any signed commit, an attacker without access to the signing key, and without breaking SHA2 can produce a second, distinct commit with an identical tree, identical metadata, a valid signature, and a ``Verified'' badge from a Git Forge such as Github, differing only in its commit hash.
The malleability in signed Git hashes is feasible due to the inherent malleability present in many of the data representations that make up a commit.
Algebraic inversion for ECDSA signatures and subpacket insertion were found to pass local verification (git verify-commit), and all three methods yield a persistent, independent ``Verified'' record on Github.
We discuss the consequences of Git hash chain malleation for hash-based commit blocking, dependency pinning (Nixpkgs, Go modules, Github Actions), and reproducible-build systems that treat the commit hash as a content-addressable primary key.
Snippet from the RSS feed
Git commit signing is widely entrusted to serve as evidence that a commit hash uniquely and immutably identifies a specific piece of signed content. We show this invariant does not hold. Given any signed commit, an attacker without access to the signing k

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.