Targeted sha-1 collisions now apparently much more possible and cheaper with new research

How long till someone introduces an intentional cycle in a git repository? Anyone want to place bets on which one? My guess: the linux kernel, sometime in the next 1.5 years.

HT @rixx for the link

@cwebber question is, does the sha1 variant hardened against SHAttered detect this, and/or can it be improved to detect this?


@cwebber since git already uses that sha1 since SHAttered

@cwebber personally I assumed sha1 chosen-prefix attacks would be the next thing, and already hardened git-annex's use of git against them :P

@cwebber no, but basically have enough control over your data formats that there's no place to hide the added data that makes the collision happen

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!