mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

devblog

Browse source
This commit is contained in:
Joey Hess 2017-02-23 16:43:15 -04:00
parent 3af9f5ed1a
commit aae9e15a97
No known key found for this signature in database
GPG key ID: C910D9222512E3C7
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
doc/devblog/day_449__SHA1_break_day.mdwn Normal file
View file

@ -0,0 +1,11 @@
[The first SHA1 collision](https://shattered.io/) was announced today,
produced by an identical-prefix collision attack.
After looking into it all day, it does not appear to impact git's security
immediately. But we're well past the time when it seemed ok that git
uses SHA1. If this gets improved into a chosen-prefix collision
attack, git will start to be rather insecure.
git-annex's SHA1 backend is already documented as only being
"for those who want a checksum but are not concerned about
security", so no changes needed here.