[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Files with identical SHA1 breaks the repo

From: Andreas Stieger <Andreas.Stieger_at_gmx.de>
Date: Fri, 24 Feb 2017 16:17:44 +0100

Hi,

"Stefan Hett" wrote:
> On 2/23/2017 9:02 PM, √ėyvind A. Holm wrote:
> > This is the only known SHA-1 collision at the moment, but Google will
> > release the collision code in 90 days, so we can expect this not to last
> > forever.
> Reading up on that in an article on a German magazine [1] clarifies that
> the effort to create that hash still quite large (6500 CPU years + 100
> GPU years to calculate the collision). So this relativates the impact a bit.
> Certainly I'm not trying to say that the situation on SVN's side
> should/could not be improved, though.
>
> [1]
> https://www.heise.de/newsticker/meldung/Todesstoss-Forscher-zerschmettern-SHA-1-3633589.html

An occurrence of this issue in a production repository with the published PDFs:
https://bugs.webkit.org/show_bug.cgi?id=168774#c29

Andreas
Received on 2017-02-24 16:17:55 CET

This is an archived mail posted to the Subversion Dev mailing list.