|
|
Subscribe / Log in / New account

Announcing the first SHA1 collision

Announcing the first SHA1 collision

Posted Feb 24, 2017 1:10 UTC (Fri) by excors (subscriber, #95769)
In reply to: Announcing the first SHA1 collision by joey
Parent article: Announcing the first SHA-1 collision

Why not just upload the malicious version directly to git.kernel.org? It's not like anybody is going to notice the backdoor in your binary patch anyway.

If they do review it at all, the only thing they could reasonably do is compare against a vendor-supplied version of the firmware (under the necessary assumption that the vendor is trusted), but then they'd notice your collision-friendly non-backdoored version doesn't match the original, and it would be hard to justify why you added random bytes onto the end, so you still wouldn't get any real benefit from your colliding files.

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds