From 9bee19ed3829339e4ce7f4291f0f03ebdca6a094 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 23 Feb 2017 17:11:46 -0400 Subject: [PATCH] slight correction --- doc/devblog/day_449__SHA1_break_day.mdwn | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/devblog/day_449__SHA1_break_day.mdwn b/doc/devblog/day_449__SHA1_break_day.mdwn index 0342582f3b..df140be2f8 100644 --- a/doc/devblog/day_449__SHA1_break_day.mdwn +++ b/doc/devblog/day_449__SHA1_break_day.mdwn @@ -2,7 +2,8 @@ produced by an identical-prefix collision attack. After looking into it all day, it does not appear to impact git's security -immediately. But we're well past the time when it seemed ok that git +immediately, except for targeted attacks against specific projects by +very wealthy attackers. But we're well past the time when it seemed ok that git uses SHA1. If this gets improved into a chosen-prefix collision attack, git will start to be rather insecure.