Targeted sha-1 collisions now apparently much more possible and cheaper with new research https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/
How long till someone introduces an intentional cycle in a git repository? Anyone want to place bets on which one? My guess: the linux kernel, sometime in the next 1.5 years.
HT @rixx for the link
@cwebber personally I assumed sha1 chosen-prefix attacks would be the next thing, and already hardened git-annex's use of git against them :P
@joeyh do you have a writeup somewhere on how you did so?
@cwebber no, but basically have enough control over your data formats that there's no place to hide the added data that makes the collision happen