[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SHA1 collisions became cheaper to create.

From: Paul Hammant <paul_at_hammant.org>
Date: Wed, 15 May 2019 07:20:25 +0100

Article: https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/

Subversion makes a SHA1 hash for each resource held. It is certainly
available as part of the detail for a file/resource, but I don't know
to what extend the PUT logic relies on it.

The ZDNet article talks of better algorithms, but perhaps isn't an
authority on which one is best. I wonder if a pluggable design would
work. Separately a mechanism for the server to reject a Subversion
client as too old may be needed.

- Paul
Received on 2019-05-15 08:20:33 CEST

This is an archived mail posted to the Subversion Dev mailing list.