Targeted sha-1 collisions now apparently much more possible and cheaper with new research https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/
How long till someone introduces an intentional cycle in a git repository? Anyone want to place bets on which one? My guess: the linux kernel, sometime in the next 1.5 years.
HT @rixx for the link
@cwebber personally I assumed sha1 chosen-prefix attacks would be the next thing, and already hardened git-annex's use of git against them :P
@joeyh do you have a writeup somewhere on how you did so?
@cwebber no, but basically have enough control over your data formats that there's no place to hide the added data that makes the collision happen
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!