diff options
| author |  Joey Hess <joeyh@joeyh.name> | 2017-02-23 19:06:06 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2017-02-23 19:06:06 -0400 |
| commit | beee1c562bce149a7338d7516eaa9c08d97bd0e0 (patch) | |
| tree | 4ae3ba021c28d8c6d279c15d0783cb61b4343105 /doc | |
| parent | a6191e2476ebe4f1722f1cac9f2569a7e2d2a09c (diff) | |
add para
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/devblog/day_449__SHA1_break_day.mdwn | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/devblog/day_449__SHA1_break_day.mdwn b/doc/devblog/day_449__SHA1_break_day.mdwn index df140be2f..a5287ff7c 100644 --- a/doc/devblog/day_449__SHA1_break_day.mdwn +++ b/doc/devblog/day_449__SHA1_break_day.mdwn @@ -7,6 +7,13 @@ very wealthy attackers. But we're well past the time when it seemed ok that git uses SHA1. If this gets improved into a chosen-prefix collision attack, git will start to be rather insecure. +Projects that store binary files in git, that might be worth $100k for an +attacker to backdoor **should** be concerned by the SHA1 collisions. +A good example of such a project is +<git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git>. +Using git-annex (with a suitable backend like SHA256) and signed commits +together is a good way to secure such repositories. + git-annex's SHA1 backend is already documented as only being "for those who want a checksum but are not concerned about security", so no changes needed here. |