From 5a88cab005f22ca22c887c3764c9f9e1cbff5b1c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 23 Feb 2017 19:06:06 -0400 Subject: [PATCH] add para --- doc/devblog/day_449__SHA1_break_day.mdwn | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/devblog/day_449__SHA1_break_day.mdwn b/doc/devblog/day_449__SHA1_break_day.mdwn index df140be2f8..a5287ff7cd 100644 --- a/doc/devblog/day_449__SHA1_break_day.mdwn +++ b/doc/devblog/day_449__SHA1_break_day.mdwn @@ -7,6 +7,13 @@ very wealthy attackers. But we're well past the time when it seemed ok that git uses SHA1. If this gets improved into a chosen-prefix collision attack, git will start to be rather insecure. +Projects that store binary files in git, that might be worth $100k for an +attacker to backdoor **should** be concerned by the SHA1 collisions. +A good example of such a project is +. +Using git-annex (with a suitable backend like SHA256) and signed commits +together is a good way to secure such repositories. + git-annex's SHA1 backend is already documented as only being "for those who want a checksum but are not concerned about security", so no changes needed here.