joeyh

the end times (of git security) are here

joeyh at

"The new result demonstrates a collision in SHA-1. The researchers found two PDF files that have the same hash."

I tried to push the git devs toward having a switch to throw, or a transition plan for this day, but I failed. There has been some slow work being done to that end, so perhaps this will pick up the pace.

You can, however, check the new colliding PDFs into git-annex. Just don't use --backend SHA1 when you do.

Jakukyo Friel, Stephen Michael Kellat, Claes Wallin (韋嘉誠), Ben Sturmfels and 3 others likes this.

Stephen Michael Kellat, Stephen Michael Kellat, Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠) and 1 others shared this.

Show all 8 replies

It's not a known preimage attack..

joeyh at 2017-02-24T07:16:18Z

Claes Wallin (韋嘉誠) likes this.

How does git stack up against bzr in the new dispensation after the SHA1 collision?

Stephen Michael Kellat at 2017-02-25T16:01:31Z