| |||||||||||||
Dealing with weakness in SHA-1Dealing with weakness in SHA-1Posted Jun 18, 2009 5:20 UTC (Thu) by leonov (subscriber, #6295)Parent article: Dealing with weakness in SHA-1
It would be very interesting to hear from anyone from git, given the central role that SHA-1 plays in the project. Are birthday attacks even a valid attack vector on a git repository?
(Log in to post comments)
Dealing with weakness in SHA-1 Posted Jun 18, 2009 6:58 UTC (Thu) by djpig (subscriber, #18768) [Link]
There have been some discussions on the git mailing list. I'm sure a little searching in the archives will turn up something useful.
Dealing with weakness in SHA-1 Posted Jun 18, 2009 10:11 UTC (Thu) by cortana (subscriber, #24596) [Link]
Joey Hess wrote about Git's use of SHA-1 on his blog at <http://kitenet.net/~joey/blog/entry/sha-1/>.
Dealing with weakness in SHA-1 Posted Jun 18, 2009 20:34 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]
git will not overwrite things with the same hash, so if there were two different things that resulted in the same hash, the git repository doing the download would ignore the second item (and when asked for the second item would return the contents of the first item)
IIRC there is code in git (defaulted to off for perfomance reasons) that checks that files that have the same hash are actually the same and produces errors if they aren't
|
|||||||||||||