summaryrefslogtreecommitdiff
path: root/Types/MetaData.hs
diff options
context:
space:
mode:
authorGravatar Joey Hess <joeyh@joeyh.name>2017-02-24 19:54:36 -0400
committerGravatar Joey Hess <joeyh@joeyh.name>2017-02-24 19:54:36 -0400
commita091af71fc8161427f8d9553042d0bc41507fff7 (patch)
tree69cf2785559ef7600ce4402abdaee4a6071fae36 /Types/MetaData.hs
parent1630f299751d4e8b186cd176c8219f11257586d8 (diff)
SHA1 collisions in key names was more exploitable than I thought
Yesterday's SHA1 collision attack could be used to generate eg: SHA256-sfoo--whatever.good SHA256-sfoo--whatever.bad Such that they collide. A repository with the good one could have the bad one swapped in and signed commits would still verify. I've already mitigated this.
Diffstat (limited to 'Types/MetaData.hs')
0 files changed, 0 insertions, 0 deletions