* Git and the new SHA-1 prefix collision attack
@ 2019-05-15 12:22 Ævar Arnfjörð Bjarmason
0 siblings, 0 replies; only message in thread
From: Ævar Arnfjörð Bjarmason @ 2019-05-15 12:22 UTC (permalink / raw)
To: Git ML
Cc: Jeff King, Marc Stevens, gaetan.leurent, thomas.peyrin,
Dan Shumow, brian m . carlson, Junio C Hamano, Jonathan Nieder,
Eric Sunshine
[CC-list carried forward from the last SHA-1 thread I found]
Thought I'd sent a brief line about this since nobody else did.
There's a newly published "From Collisions to Chosen-Prefix Collisions
Application to Full SHA-1" paper making the news this week which builds
on the SHAttered attack: https://eprint.iacr.org/2019/459.pdf
See https://shattered.io for that original attack.
I asked Marc Stevens on Twitter whether the sha1collisiondetection
library would cover the sorts of collisions generated by the method
described in this paper. He said yes:
https://twitter.com/realhashbreaker/status/1128419029536923649
Not all the details are out on this new attack, in particular the
researchers (CC'd) haven't yet published details[1] on improvements that
would make such an attack cheaper to carry out than the current
state-of-the art, which I understand from Marc's Twitter feed is
something he's skeptical about.
In any case, it looks like the sha1collisiondetection library will save
the day again. Thanks Marc & Dan!
1. https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-05-15 12:22 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-15 12:22 Git and the new SHA-1 prefix collision attack Ævar Arnfjörð Bjarmason
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).