* Git and the new SHA-1 prefix collision attack
@ 2019-05-15 12:22 Ævar Arnfjörð Bjarmason
0 siblings, 0 replies; only message in thread
From: Ævar Arnfjörð Bjarmason @ 2019-05-15 12:22 UTC (permalink / raw)
To: Git ML
Cc: Jeff King, Marc Stevens, gaetan.leurent, thomas.peyrin,
Dan Shumow, brian m . carlson, Junio C Hamano, Jonathan Nieder,
Eric Sunshine
[CC-list carried forward from the last SHA-1 thread I found]
Thought I'd sent a brief line about this since nobody else did.
There's a newly published "From Collisions to Chosen-Prefix Collisions
Application to Full SHA-1" paper making the news this week which builds
on the SHAttered attack: https://eprint.iacr.org/2019/459.pdf
See https://shattered.io for that original attack.
I asked Marc Stevens on Twitter whether the sha1collisiondetection
library would cover the sorts of collisions generated by the method
described in this paper. He said yes:
https://twitter.com/realhashbreaker/status/1128419029536923649
Not all the details are out on this new attack, in particular the
researchers (CC'd) haven't yet published details[1] on improvements that
would make such an attack cheaper to carry out than the current
state-of-the art, which I understand from Marc's Twitter feed is
something he's skeptical about.
In any case, it looks like the sha1collisiondetection library will save
the day again. Thanks Marc & Dan!
1. https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-05-15 12:22 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-15 12:22 Git and the new SHA-1 prefix collision attack Ævar Arnfjörð Bjarmason
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.