author Joey Hess <joeyh@joeyh.name> 2017-02-23 16:43:15 -0400
committer Joey Hess <joeyh@joeyh.name> 2017-02-23 16:43:15 -0400
commit bd4c158417ce3494497ab903a0b28a2a85330ec4
tree e3777458902915260374dbed69d56131d87c31a1
parent 3dc6aa3f53dc17573996a3ceae32f80dfd9e7094
devblog
Diffstat (limited to 'doc')
-rw-r--r-- doc/devblog/day_449__SHA1_break_day.mdwn | 11
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/devblog/day_449__SHA1_break_day.mdwn b/doc/devblog/day_449__SHA1_break_day.mdwn
new file mode 100644
index 000000000..0342582f3
--- /dev/null
+++ b/doc/devblog/day_449__SHA1_break_day.mdwn
@@ -0,0 +1,11 @@
+[The first SHA1 collision](https://shattered.io/) was announced today,
+produced by an identical-prefix collision attack.
+
+After looking into it all day, it does not appear to impact git's security
+immediately. But we're well past the time when it seemed ok that git
+uses SHA1. If this gets improved into a chosen-prefix collision
+attack, git will start to be rather insecure.
+
+git-annex's SHA1 backend is already documented as only being
+"for those who want a checksum but are not concerned about
+security", so no changes needed here.
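Review bot: The closing paragraph quotes the SHA1 backend documentation ("for those who want a checksum but are not concerned about security") without linking it, and "no changes needed here" leaves readers who already use that backend with no pointer to what to read next. Suggest linking the backends page the quote comes from, so the quote can be checked and the alternatives are one click away. In the second paragraph, "does not appear to impact git's security immediately" rests only on "after looking into it all day"; one sentence on why an identical-prefix collision falls short for git while a chosen-prefix one would not would make the conclusion checkable.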