summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Joey Hess <joeyh@joeyh.name>2017-02-23 19:06:06 -0400
committerGravatar Joey Hess <joeyh@joeyh.name>2017-02-23 19:06:06 -0400
commitbeee1c562bce149a7338d7516eaa9c08d97bd0e0 (patch)
tree4ae3ba021c28d8c6d279c15d0783cb61b4343105
parenta6191e2476ebe4f1722f1cac9f2569a7e2d2a09c (diff)
add para
-rw-r--r--doc/devblog/day_449__SHA1_break_day.mdwn7
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/devblog/day_449__SHA1_break_day.mdwn b/doc/devblog/day_449__SHA1_break_day.mdwn
index df140be2f..a5287ff7c 100644
--- a/doc/devblog/day_449__SHA1_break_day.mdwn
+++ b/doc/devblog/day_449__SHA1_break_day.mdwn
@@ -7,6 +7,13 @@ very wealthy attackers. But we're well past the time when it seemed ok that git
uses SHA1. If this gets improved into a chosen-prefix collision
attack, git will start to be rather insecure.
+Projects that store binary files in git, that might be worth $100k for an
+attacker to backdoor **should** be concerned by the SHA1 collisions.
+A good example of such a project is
+<git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git>.
+Using git-annex (with a suitable backend like SHA256) and signed commits
+together is a good way to secure such repositories.
+
git-annex's SHA1 backend is already documented as only being
"for those who want a checksum but are not concerned about
security", so no changes needed here.