
Re: SHA1 collisions became cheaper to create.

From: Paul Hammant <paul_at_hammant.org>
Date: Wed, 15 May 2019 14:03:22 +0100

Yes, Subversion would remain good at keeping versions of honest development work.

Problem I'm trying to solve: In an audit situation where prior commits
were to be analyzed, the owner of the repo that was motivated enough
could tell the auditor that black was white in respect of a certain
historical commit. Assuming the auditor had prior SHA1s (in lieu of a
full Merkle tree), for the resources at a historical revision under
audit.

Granted PDF payloads (& other large encoded-stream binaries like
movies) are susceptible to such retroactive fakery, whereas
CR-delimited text files with plausible content are not retroactively
fake-able without that being clear to the eye: "Hey, that's not a C
source file".

Feel free to ignore - this can wait a number of years.
Received on 2019-05-15 15:03:29 CEST

This is an archived mail posted to the Subversion Dev mailing list.
