Hi,

Dear diary, on Fri, Oct 20, 2006 at 10:38:48AM CEST, I got a letter where Johannes Schindelin <Johannes.Schindelin@xxxxxx> said that...
> On Fri, 20 Oct 2006, Lachlan Patrick wrote:
>
> > How does git disambiguate SHA1 hash collisions?
>
> It does not. You can fully expect the universe to go down before that
> happens.
>
> The only reasonable worry is about SHA-1 being broken some time in future,
> i.e. being able to construct a malign version of some source code _which
> has the same hash_. There were plenty of discussions about that; please
> search the mailing list. (The consent was that those do not matter,
> because an existing object will _never_ be overwritten by a fetch, so you
> would not get that invalid object anyway.)

Well, that's somewhat a bold statement, since when you have a way to fabricate malicious objects, you probably can socially engineer to have it distributed to a large portion of repositories if you try hard enough. Or you hack kernel.org and replace the object. Who knows.

But the thing is that no one has come any closer to this kind of attack at all. Currently known attacks are that you can relatively fast (which doesn't mean "5 minutes"; I think that in case of SHA1 the complexity is still huge, just smaller than intended, but I may remember wrong; you can get an MD5 collision of this kind within one minute on a standard notebook) create a _pair_ of objects sharing the same hash, where both objects contain a big binary blob. So you would first have to engineer to have one of those objects accepted officially, then engineer the malicious one getting in. Generating an object that hashes to a predetermined value is a much harder problem and AFAIK there's not much progress in breaking this.
-- 
Petr "Pasky" Baudis
Stuff: http://pasky.or.cz/
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
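As an added illustration, not part of this thread or of git's own code: the Python below computes a blob's git object name (the hash covers a `blob <size>` header, a NUL byte, and the content, so it agrees with `git hash-object`) and models the write-once rule Johannes refers to, where an object already present under a name is never replaced by a later one. The `ObjectStore` class, the `weak_id` truncated hash and `find_colliding_input` are constructed for the example, since no real SHA-1 collision is available here; with the full SHA-1 name the same two inputs simply get distinct names.

```python
import hashlib
from typing import Callable, Dict, Optional, Tuple


def git_blob_id(data: bytes, algo: str = "sha1") -> str:
    """Git object name of a blob: hash over the header "blob <size>", a NUL byte, then the content."""
    header = b"blob %d\x00" % len(data)
    return hashlib.new(algo, header + data).hexdigest()


class ObjectStore:
    """Constructed model of a content-addressed store: the first object stored under a name wins."""

    def __init__(self, id_func: Callable[[bytes], str] = git_blob_id) -> None:
        self._objects: Dict[str, bytes] = {}
        self._id = id_func

    def add(self, data: bytes) -> Tuple[str, str]:
        oid = self._id(data)
        existing = self._objects.get(oid)
        if existing is None:
            self._objects[oid] = data
            return oid, "stored"
        if existing == data:
            return oid, "already-present"
        # Same name, different bytes: a collision. The object already present is kept,
        # mirroring the "never overwritten by a fetch" rule; the newcomer is rejected.
        return oid, "collision-rejected"

    def get(self, oid: str) -> Optional[bytes]:
        return self._objects.get(oid)


def weak_id(data: bytes) -> str:
    """Constructed stand-in for a broken hash: only the first hex digit of the SHA-1 name,
    so collisions are cheap to find and the store's rule can be exercised."""
    return git_blob_id(data)[:1]


def find_colliding_input(target: bytes, id_func: Callable[[bytes], str] = weak_id) -> bytes:
    """Brute-force a different input that gets the same (weak) name as `target`."""
    want, i = id_func(target), 0
    while True:
        candidate = b"candidate-%d\n" % i  # constructed inputs
        if candidate != target and id_func(candidate) == want:
            return candidate
        i += 1
```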