SHA1 collisions became cheaper to create.

From: Paul Hammant <paul_at_hammant.org>
Date: Wed, 15 May 2019 07:20:25 +0100

Article: https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/

Subversion makes a SHA1 hash for each resource held. It is certainly
available as part of the detail for a file/resource, but I don't know
to what extend the PUT logic relies on it.

The ZDNet article talks of better algorithms, but perhaps isn't an
authority on which one is best. I wonder if a pluggable design would
work. Separately a mechanism for the server to reject a Subversion
client as too old may be needed.

- Paul
Received on 2019-05-15 08:20:33 CEST

This message: [ Message body ]
Next message: Stefan Sperling: "Re: SHA1 collisions became cheaper to create."
Previous message: Julian Foad: "Re: Subversion Exception svn_relpath_is_canonical in ra_loader.c"
Next in thread: Stefan Sperling: "Re: SHA1 collisions became cheaper to create."
Reply: Stefan Sperling: "Re: SHA1 collisions became cheaper to create."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]