Hi,
"Stefan Hett" wrote:
> On 2/23/2017 9:02 PM, Øyvind A. Holm wrote:
> > This is the only known SHA-1 collision at the moment, but Google will
> > release the collision code in 90 days, so we can expect this not to last
> > forever.
> Reading up on that in an article on a German magazine [1] clarifies that
> the effort to create that hash still quite large (6500 CPU years + 100
> GPU years to calculate the collision). So this relativates the impact a bit.
> Certainly I'm not trying to say that the situation on SVN's side
> should/could not be improved, though.
>
> [1]
> https://www.heise.de/newsticker/meldung/Todesstoss-Forscher-zerschmettern-SHA-1-3633589.html
An occurrence of this issue in a production repository with the published PDFs:
https://bugs.webkit.org/show_bug.cgi?id=168774#c29
Andreas
Received on 2017-02-24 16:17:55 CET