>> The reality of the current situation is that it's largely mitigated in
>> practice because:
>>
>> a) it's hard to hand someone a crafted blob to begin with for reasons
>> that have nothing to do with SHA-1 (they'll go "wtf is this garbage?")
>>
>> b) even in that case it's *very* hard to come up with two colliding
>> blobs that are *useful* for some nefarious purpose, e.g. a program A
>> that looks normal being replaced by an evil program B with the same
>> SHA-1.
>
> Thanks. That's a nice rephrasing of
>
> http://public-inbox.org/git/Pine.LNX.4.58.0504291221250.18901%40ppc970.osdl.org/
>
> where Linus explains SHA-1 is not the security, and the real
> security is in distribution.

If the real security is in the distribution, then why does git support
signed commits and objects? The security of the signatures does depend on
the hash. Saying the hash is not a security feature and offering GPG
signing based on that hash is a damn big lie. You can change the hash
algorithm to a secure one, or change the signing method to be independent
of the hash algorithm, or you can stop offering signatures at all, but
something has to be done here.

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
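To make the poster's point concrete: a GPG signature on a git commit is computed over the commit object's bytes, which name the tree by SHA-1, and the tree names each blob by SHA-1. The file contents never enter the signed bytes except through that hash. The following is an added example, not code from the thread or from git itself; it rebuilds git's object encoding in plain Python and uses a stand-in function (`collide_with_honest`, hypothetical) to simulate a colliding blob, since producing a real SHA-1 collision is outside its scope. The file names, contents and author string are constructed for the demonstration.

```python
import hashlib
from typing import Callable

AUTHOR = "A Maintainer <maint@example.invalid> 1488000000 +0000"  # constructed

def git_object_id(kind: str, payload: bytes) -> str:
    """Object ID exactly as git computes it: SHA-1 over "<type> <size>\\0<payload>"."""
    return hashlib.sha1(f"{kind} {len(payload)}\0".encode() + payload).hexdigest()

def blob_id(content: bytes) -> str:
    """Same value as `git hash-object` for a file with this content."""
    return git_object_id("blob", content)

def tree_payload(entries: list[tuple[str, str, str]]) -> bytes:
    """Tree object body: "<mode> <name>\\0<20 raw oid bytes>" per entry, sorted by name.
    Only the blob's oid is stored, never its content."""
    body = b""
    for mode, name, oid in sorted(entries, key=lambda e: e[1]):
        body += f"{mode} {name}".encode() + b"\0" + bytes.fromhex(oid)
    return body

def commit_payload(tree_oid: str, parents: list[str], author: str,
                   committer: str, message: str) -> bytes:
    """Commit object body. A signed commit carries an extra 'gpgsig' header, but the
    signature itself is made over exactly these bytes (the object without that header)."""
    lines = [f"tree {tree_oid}", *[f"parent {p}" for p in parents],
             f"author {author}", f"committer {committer}", "", message]
    return ("\n".join(lines) + "\n").encode()

def signed_bytes(files: dict[str, bytes],
                 oid_of: Callable[[bytes], str] = blob_id) -> bytes:
    """Bytes a commit signature covers for a root commit holding `files`.
    `oid_of` is the blob-hashing function; it is a parameter only so the demo
    can substitute a stand-in for a SHA-1 collision."""
    entries = [("100644", name, oid_of(content)) for name, content in files.items()]
    tree_oid = git_object_id("tree", tree_payload(entries))
    return commit_payload(tree_oid, [], AUTHOR, AUTHOR, "Add installer script")

# Constructed sample contents: the honest file and a hypothetical malicious replacement.
HONEST = {"install.sh": b"#!/bin/sh\necho installing\n"}
EVIL = {"install.sh": b"#!/bin/sh\necho installing\nrm -rf \"$HOME\"  # hypothetical\n"}

def collide_with_honest(content: bytes) -> str:
    """Hypothetical stand-in for a SHA-1 collision: report the honest blob's oid for
    whatever content is given. Real SHA-1 does not behave like this; the demo uses it
    to show what a collision would do to the signed bytes."""
    return blob_id(HONEST["install.sh"])

def demo() -> tuple[bool, bool]:
    """(signed bytes differ with real hashing, signed bytes identical under a collision)."""
    differs_normally = signed_bytes(HONEST) != signed_bytes(EVIL)
    identical_on_collision = signed_bytes(HONEST) == signed_bytes(EVIL, oid_of=collide_with_honest)
    return differs_normally, identical_on_collision

if __name__ == "__main__":
    print("blob oid of honest file:", blob_id(HONEST["install.sh"]))
    print("signature covers file content directly:", b"installing" in signed_bytes(HONEST))
    print("(differs normally, identical on collision):", demo())
```

The second result is the poster's complaint in code: if an attacker could supply a blob whose SHA-1 equals the honest one, the tree and commit objects would be byte-identical, so the existing GPG signature would verify over the evil tree exactly as it does over the honest one. The signature adds nothing beyond the collision resistance of the object hash.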