DJB has just posted the following on the SHA-3 mailing list:
the details of the original MD5 collision attack turned out to be a terrifying indictment of the structure of MD5, and the details of the SHA-1 attack are similarly scary
Back in 2009, an anonymous poster on Slashdot described a plausible attack scenario against Git using SHA-1 collisions. There was also some mumbling in the blogosphere back then about Git needing to update its underlying cryptographic primitive.
The bottom line is this: It is high time for Git to move on beyond SHA-1. Ideally, Git should store hashes in an "algorithm:hash" format, and support all four variants of both SHA-2 and now SHA-3.
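A sketch of what such "algorithm:hash" identifiers could look like for blobs, as an added example that is not Git's own code or part of the original post. It reuses Git's `blob <len>\0` object header; the tag spellings (`sha256`, `sha3-256`, ...) and the function names are assumptions of this example.

```python
import hashlib
import hmac

# Allowed algorithms: the four SHA-2 and four SHA-3 variants the post asks for.
# Tag spellings are an assumption of this example; the post does not define them.
ALGORITHMS = {
    "sha224": hashlib.sha224, "sha256": hashlib.sha256,
    "sha384": hashlib.sha384, "sha512": hashlib.sha512,
    "sha3-224": hashlib.sha3_224, "sha3-256": hashlib.sha3_256,
    "sha3-384": hashlib.sha3_384, "sha3-512": hashlib.sha3_512,
}


def blob_id(content: bytes, algorithm: str = "sha256") -> str:
    """Return an 'algorithm:hash' id for a blob, using Git's 'blob <len>\\0' header."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported hash algorithm: {algorithm!r}")
    h = ALGORITHMS[algorithm]()
    h.update(b"blob %d\x00" % len(content))
    h.update(content)
    return f"{algorithm}:{h.hexdigest()}"


def parse_id(object_id: str) -> tuple:
    """Split and validate an id; bare untagged hashes and unknown tags are rejected."""
    algorithm, sep, digest = object_id.partition(":")
    if not sep or algorithm not in ALGORITHMS:
        raise ValueError(f"missing or unsupported algorithm tag: {object_id!r}")
    expected_len = ALGORITHMS[algorithm]().digest_size * 2
    if len(digest) != expected_len or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError(f"malformed {algorithm} digest: {object_id!r}")
    return algorithm, digest


def verify_blob(object_id: str, content: bytes) -> bool:
    """Recompute the id with the algorithm named in the tag and compare."""
    algorithm, _ = parse_id(object_id)
    return hmac.compare_digest(blob_id(content, algorithm), object_id)


if __name__ == "__main__":
    data = b"hello\n"  # constructed sample blob
    for name in ("sha256", "sha3-256"):
        oid = blob_id(data, name)
        print(oid, verify_blob(oid, data))
```

Because the tag travels with the digest, a reader of the id never has to guess the algorithm from the digest length, and ids whose tag is missing or outside the allow-list (a bare SHA-1 hex string, for instance) fail parsing instead of being silently trusted.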
The above picture contains an image from the Star Trek: The Next Generation episode "Ménage à Troi", copyright 1990 CBS Studios. I believe this use of the image qualifies as fair use, since it is only a very low-resolution single frame, and its use does not harm (indeed it may even help) the market for the original work.