
Linus on Git and SHA-1


Posted Feb 26, 2017 17:12 UTC (Sun) by welinder (guest, #4699)
In reply to: Linus on Git and SHA-1 by ttelford
Parent article: Linus on Git and SHA-1

>First off: How are you supposed to test against a SHA-1 collision when you don’t
>have one to test with?

It's very easy as I wrote: "the way you test it in the absence of an actual collision is to patch the hash function to return the hash of file B when it encounters file A."

I.e., you are testing with a modified hash function SHA1' that is close enough to SHA1 that everything works with your existing repository, yet one for which you can easily find a collision because file A and B will have the same hash.

It's like testing upcoming leap seconds. You don't do it by time travel, but by lying selectively to the system. In the case of leap seconds, you lie about the current time. In the case of hash functions you lie about what the hash of a specific file is.


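The test setup described in the comment above, sketched as an added example (not part of the original thread and not git's code): a toy content-addressed store, `ObjectStore`, is run under a patched hash `sha1_prime` that returns file B's hash for file A. All names and the sample files are constructed for illustration, and the store hashes raw content without git's object header.

```python
import hashlib

def sha1_hex(data: bytes) -> str:
    """Real hash: plain SHA-1 over the content (no git object header)."""
    return hashlib.sha1(data).hexdigest()

def make_lying_hash(file_a: bytes, file_b: bytes):
    """Build SHA1': identical to SHA-1 except that file_a reports file_b's hash."""
    def sha1_prime(data: bytes) -> str:
        return sha1_hex(file_b if data == file_a else data)
    return sha1_prime

class CollisionError(Exception):
    pass

class ObjectStore:
    """Toy content-addressed store (hypothetical, not git's object database)."""
    def __init__(self, hash_fn, verify_on_write: bool):
        self.hash_fn = hash_fn
        self.verify_on_write = verify_on_write
        self.objects = {}

    def put(self, data: bytes) -> str:
        oid = self.hash_fn(data)
        existing = self.objects.get(oid)
        if existing is None:
            self.objects[oid] = data
        elif self.verify_on_write and existing != data:
            raise CollisionError(f"object {oid} already stored with different content")
        return oid  # without verification, the first writer silently wins

    def get(self, oid: str) -> bytes:
        return self.objects[oid]

def run_collision_test(verify_on_write: bool) -> str:
    # Constructed sample files; under SHA1' they share one object id.
    file_a, file_b = b"constructed file A\n", b"constructed file B\n"
    store = ObjectStore(make_lying_hash(file_a, file_b), verify_on_write)
    store.put(file_b)
    try:
        oid_a = store.put(file_a)
    except CollisionError:
        return "detected"
    # Reading back file A's id yields file B's bytes: the collision went unnoticed.
    return "silently-aliased" if store.get(oid_a) == file_b else "ok"

if __name__ == "__main__":
    print(run_collision_test(False), run_collision_test(True))
```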

Linus on Git and SHA-1

Posted Feb 27, 2017 14:50 UTC (Mon) by bronson (subscriber, #4806)

If that's all you want then that's easy, and people have been doing it for years.

Lots of links here: http://stackoverflow.com/questions/9392365/how-would-git-...

There are many experiments and discussions on the mailing lists too.

