From 3e28f10759a3f6e7a5cf947db0c975b70151e6f7 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Fri, 24 Feb 2017 20:03:36 -0400
Subject: devblog

---
 doc/devblog/day_450__hardening_against_SHA_attacks.mdwn | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 doc/devblog/day_450__hardening_against_SHA_attacks.mdwn

(limited to 'doc/devblog')

diff --git a/doc/devblog/day_450__hardening_against_SHA_attacks.mdwn b/doc/devblog/day_450__hardening_against_SHA_attacks.mdwn
new file mode 100644
index 000000000..5e419dea7
--- /dev/null
+++ b/doc/devblog/day_450__hardening_against_SHA_attacks.mdwn
@@ -0,0 +1,13 @@
+Yesterday I said that a git-annex repository using signed commits and SHA2
+backend would be secure from SHA1 collision attacks. Then I noticed that
+there were two ways to embed the necessary collision generation data inside
+git-annex key names. I've fixed both of them today, and cannot find any
+other ways to embed collision generation data in between a signed commit
+and the annexed files.
+
+I also have a design for a way to configure git-annex to expect to see only
+keys using secure hash backends, which will make it easier to work with
+repositories that want to use signed commits and SHA2. Planning to implement
+that tomorrow.
+
+[[todo/sha1_collision_embedding_in_git-annex_keys]] has the details.
-- 
cgit v1.2.3