Targeted sha-1 collisions now apparently much more possible and cheaper with new research https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/
How long till someone introduces an intentional cycle in a git repository? Anyone want to place bets on which one? My guess: the linux kernel, sometime in the next 1.5 years.
HT @rixx for the link
@cwebber question is, does the sha1 variant hardened against SHAttered detect this, and/or can it be improved to detect this?
@cwebber since git already uses that sha1 since SHAttered
@cwebber personally I assumed sha1 chosen-prefix attacks would be the next thing, and already hardened git-annex's use of git against them :P
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!