Theodore Ts'o wrote: > OK, so how does this map to git? First of all, from a collision > perspective, the two blobs have to map into valid C code Git provides other places to hide the colliding blobs; the best seems to be as an added header in the commit object, or as trailing data after a \0 in the commit message. git is very good at hiding such potentially colliding data from the user, as https://github.com/joeyh/supercollider demonstrates. commit 24f30db5790b209fa412ce81c5ef2bf8af5fd4d7 Author: Joey Hess <joey@xxxxxxxxxxx> Date: Fri Sep 9 11:49:21 2011 -0400 an innocent commit If this were a sha1 colliding attack, there would be some sort of binary garbage below. Which there isn't. So this can be safely merged. joey@darkstar:~/tmp/supercollider>git cat-file -p 24f30db5790b209fa412ce81c5ef2bf8af5fd4d7 tree 735a7633237c07b398856005de3bc9ea00446747 author Joey Hess <joey@xxxxxxxxxxx> 1315583361 -0400 committer Joey Hess <joey@xxxxxxxxxxx> 1315583361 -0400 an innocent commit If this were a sha1 colliding attack, there would be some sort of binary garbage below. Which there isn't. So this can be safely merged. ??b???[?i??ͯ?t?2??????os?<????h?+,M?mY?e?EW?iv$???J??U}n~???L??????f???ě??3>?Q??H?*zl?RA˂q?E?E7???\?m???U?>MU GY?d)?ȼ??'g?~D??ɯhQ????/"E??X?m???^??S?D??;w6(?`??>?縘?AѲ?*!??@v????>?8??2?!??=*?J ???ynH???c?w?\??K7???N?6?????A5?FM?wZ?~?pKY?R???s7??(?ƶ?_"??m%????1a??ʀ??K[ t????!A0?ΈfT.?T?w?ƌ?р???aco?V/2??nَ? ?}?6?_?z?{ (The other possibility would be to hide the colliding blob in the tree object, but that seems unlikely.) -- see shy jo
Attachment:
signature.asc
Description: PGP signature