nanog mailing list archives
Re: SHA1 collisions proven possisble
From: valdis.kletnieks () vt edu
Date: Sat, 25 Feb 2017 17:23:21 -0500
On Sat, 25 Feb 2017 09:26:28 -0800, Richard Hesse said:
Git prefixes blobs with its own data. You're not going to break git with a SHA-1 binary collision. However, svn is very vulnerable to breaking.
And here's the proof-of-concept for svn breakage. Somebody managed to make the WebKit svn totally lose its mind by uploading the two PoC PDFs.... https://arstechnica.com/security/2017/02/watershed-sha1-collision-just-broke-the-webkit-repository-others-may-follow/
Attachment:
_bin
Description:
Current thread:
- SHA1 collisions proven possisble Grant Ridder (Feb 23)
- Re: SHA1 collisions proven possisble Ca By (Feb 23)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 23)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
- Re: SHA1 collisions proven possisble Ricky Beam (Feb 23)
- Re: SHA1 collisions proven possisble J. Hellenthal (Feb 23)
- Re: SHA1 collisions proven possisble Royce Williams (Feb 23)
- Re: SHA1 collisions proven possisble Richard Hesse (Feb 25)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 25)
- Re: SHA1 collisions proven possisble Randy Bush (Feb 26)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 23)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
- Re: SHA1 collisions proven possisble Jon Lewis (Feb 23)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
- Re: SHA1 collisions proven possisble Vincent Bernat (Feb 24)
- Re: SHA1 collisions proven possisble Ca By (Feb 23)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 23)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 23)
- Re: SHA1 collisions proven possisble Vincent Bernat (Feb 24)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 24)