list mirror (unofficial, one of many)
 help / color / Atom feed
* Git and the new SHA-1 prefix collision attack
@ 2019-05-15 12:22 Ævar Arnfjörð Bjarmason
  0 siblings, 0 replies; only message in thread
From: Ævar Arnfjörð Bjarmason @ 2019-05-15 12:22 UTC (permalink / raw)
  To: Git ML
  Cc: Jeff King, Marc Stevens, gaetan.leurent, thomas.peyrin,
	Dan Shumow, brian m . carlson, Junio C Hamano, Jonathan Nieder,
	Eric Sunshine

[CC-list carried forward from the last SHA-1 thread I found]

Thought I'd sent a brief line about this since nobody else did.

There's a newly published "From Collisions to Chosen-Prefix Collisions
Application to Full SHA-1" paper making the news this week which builds
on the SHAttered attack:

See for that original attack.

I asked Marc Stevens on Twitter whether the sha1collisiondetection
library would cover the sorts of collisions generated by the method
described in this paper. He said yes:

Not all the details are out on this new attack, in particular the
researchers (CC'd) haven't yet published details[1] on improvements that
would make such an attack cheaper to carry out than the current
state-of-the art, which I understand from Marc's Twitter feed is
something he's skeptical about.

In any case, it looks like the sha1collisiondetection library will save
the day again. Thanks Marc & Dan!


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-15 12:22 Git and the new SHA-1 prefix collision attack Ævar Arnfjörð Bjarmason list mirror (unofficial, one of many)

Archives are clonable:
	git clone --mirror
	git clone --mirror http://ou63pmih66umazou.onion/git
	git clone --mirror http://czquwvybam4bgbro.onion/git
	git clone --mirror http://hjrcffqmbrq6wope.onion/git

Newsgroups are available over NNTP:

 note: .onion URLs require Tor:

AGPL code for this site: git clone public-inbox