git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / Atom feed
* Git and the new SHA-1 prefix collision attack
@ 2019-05-15 12:22 Ævar Arnfjörð Bjarmason
  0 siblings, 0 replies; only message in thread
From: Ævar Arnfjörð Bjarmason @ 2019-05-15 12:22 UTC (permalink / raw)
  To: Git ML
  Cc: Jeff King, Marc Stevens, gaetan.leurent, thomas.peyrin,
	Dan Shumow, brian m . carlson, Junio C Hamano, Jonathan Nieder,
	Eric Sunshine

[CC-list carried forward from the last SHA-1 thread I found]

Thought I'd sent a brief line about this since nobody else did.

There's a newly published "From Collisions to Chosen-Prefix Collisions
Application to Full SHA-1" paper making the news this week which builds
on the SHAttered attack: https://eprint.iacr.org/2019/459.pdf

See https://shattered.io for that original attack.

I asked Marc Stevens on Twitter whether the sha1collisiondetection
library would cover the sorts of collisions generated by the method
described in this paper. He said yes:
https://twitter.com/realhashbreaker/status/1128419029536923649

Not all the details are out on this new attack, in particular the
researchers (CC'd) haven't yet published details[1] on improvements that
would make such an attack cheaper to carry out than the current
state-of-the art, which I understand from Marc's Twitter feed is
something he's skeptical about.

In any case, it looks like the sha1collisiondetection library will save
the day again. Thanks Marc & Dan!

1. https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-15 12:22 Git and the new SHA-1 prefix collision attack Ævar Arnfjörð Bjarmason

git@vger.kernel.org list mirror (unofficial, one of many)

Archives are clonable:
	git clone --mirror https://public-inbox.org/git
	git clone --mirror http://ou63pmih66umazou.onion/git
	git clone --mirror http://czquwvybam4bgbro.onion/git
	git clone --mirror http://hjrcffqmbrq6wope.onion/git

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.version-control.git
	nntp://ou63pmih66umazou.onion/inbox.comp.version-control.git
	nntp://czquwvybam4bgbro.onion/inbox.comp.version-control.git
	nntp://hjrcffqmbrq6wope.onion/inbox.comp.version-control.git
	nntp://news.gmane.org/gmane.comp.version-control.git

 note: .onion URLs require Tor: https://www.torproject.org/

AGPL code for this site: git clone https://public-inbox.org/ public-inbox