Targeted sha-1 collisions now apparently much more possible and cheaper with new research https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/
How long till someone introduces an intentional cycle in a git repository? Anyone want to place bets on which one? My guess: the linux kernel, sometime in the next 1.5 years.
HT @rixx for the link
@cwebber question is, does the sha1 variant hardened against SHAttered detect this, and/or can it be improved to detect this?
@joeyh do you have a writeup somewhere on how you did so?
@cwebber no, but basically have enough control over your data formats that there's no place to hide the added data that makes the collision happen