Preserving the global software heritage
Preserving the global software heritage
Posted Jul 11, 2016 14:22 UTC (Mon) by hkario (subscriber, #94864)In reply to: Preserving the global software heritage by flussence
Parent article: Preserving the global software heritage
the problem is that malicious users can create SHA-1 collisions, RIPEMD-160 is not much better (yes, it moves the problem few years in the future, but it does not eliminate it)
you simply should not use any kind of 160bit hash in current time, especially for a project that is just being deployed
Posted Jul 11, 2016 22:09 UTC (Mon)
by flussence (guest, #85566)
[Link]
Preserving the global software heritage
I'm at a loss to what the real security issue of weak hashes on a public dataset is. Can you give examples?