Skip to the content.

G+: The first victim of a SHA1 collision

David Coles
The first victim of a SHA1 collision.

Watershed SHA1 collision just broke the WebKit repository, others may follow


(+1's) 2
David Coles
Subversion isn't the only version control system using SHA1. I wonder what other implications this has for storage systems.

Abdulla Kamar
I'm guessing you've read this.

I thought I'd write an update on git and SHA1, since the SHA1 collision attac...


David Coles
Yeah. +Matt Giuca also made some pretty extensive comments on


I think Linus makes some good points why this kind of collision attack isn't a case of 'the sky is falling', but I can also see it being a really good reason to migrate away from depending on it for any sort of cryptographic integrity checks. There's been some pretty creative attacks that come from having just a little bit of wiggle room that the developers didn't initially foresee.

I thought I'd write an update on git and SHA1, since the SHA1 collision attac...