On Thu, Feb 23, 2017 at 02:21:47PM -0400, Joey Hess wrote:

> Linus Torvalds wrote:
> > What you describe pretty much already requires a pre-image attack,
> > which the new attack is _not_.
> >
> > It's not clear that the "good" object can be anything sane.
>
> Generate a regular commit object; use the entire commit object + NUL as the
> chosen prefix, and use the identical-prefix collision attack to generate
> the colliding good/bad objects.

FWIW, git-fsck complains about those (and transfer.fsck rejects them):

  $ (git cat-file commit HEAD; printf '\0more stuff') |
      git hash-object -w --stdin -t commit
  ecb2e5165c184f9025cb4c49d8f75901f4830354
  $ git fsck
  warning in commit ecb2e5165c184f9025cb4c49d8f75901f4830354: nulInCommit: NUL byte in the commit object body

So as long as either your "good" or "evil" commit has binary junk in it,
you are likely to be noticed (not everybody turns on transfer.fsck, but
GitHub does).

-Peff
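As an added illustration (example code, not part of Peff's mail or of git itself): a Python model of the fsck check above, run over a constructed commit body and over the same body with a NUL byte and trailing junk appended, which is the construction quoted from Joey's mail. The object-id routine reproduces what `git hash-object -t commit` computes; the structural checks are a simplified subset of fsck's and their wording is my own.

```python
import hashlib

# Constructed sample commit body, shaped like `git cat-file commit HEAD` output.
# The tree id is the well-known empty-tree object; author/committer are made up.
GOOD_COMMIT = (
    b"tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
    b"author A U Thor <author@example.com> 1487873000 -0400\n"
    b"committer A U Thor <author@example.com> 1487873000 -0400\n"
    b"\n"
    b"Add feature\n"
)
# The quoted construction: whole commit object, then NUL, then collision junk.
EVIL_COMMIT = GOOD_COMMIT + b"\0more stuff"


def object_id(obj_type: bytes, body: bytes) -> str:
    """Object id as `git hash-object -t <type> --stdin` computes it:
    SHA-1 over the loose-object header "<type> <size>\\0" followed by the body."""
    return hashlib.sha1(b"%s %d\0%s" % (obj_type, len(body), body)).hexdigest()


def fsck_commit(body: bytes) -> tuple[str, list[str]]:
    """Simplified model of `git fsck` on one commit object.
    Returns (object id, list of warnings). The nulInCommit check is the one
    Peff's session shows; the header checks are a reduced subset."""
    oid = object_id(b"commit", body)
    warnings = []
    # nulInCommit: a NUL anywhere in the body, header or message, is flagged.
    # That is exactly where the "commit + NUL + junk" construction lands.
    if b"\0" in body:
        warnings.append(f"warning in commit {oid}: nulInCommit: "
                        "NUL byte in the commit object body")
    # Header block ends at the first blank line; message follows.
    headers, _, _message = body.partition(b"\n\n")
    lines = headers.split(b"\n")
    if not lines[0].startswith(b"tree "):
        warnings.append(f"warning in commit {oid}: missingTree")
    # Any number of parent lines may sit between tree and author.
    rest = [l for l in lines[1:] if not l.startswith(b"parent ")]
    if not rest or not rest[0].startswith(b"author "):
        warnings.append(f"warning in commit {oid}: missingAuthor")
    if len(rest) < 2 or not rest[1].startswith(b"committer "):
        warnings.append(f"warning in commit {oid}: missingCommitter")
    return oid, warnings


if __name__ == "__main__":
    for name, body in (("good", GOOD_COMMIT), ("evil", EVIL_COMMIT)):
        oid, found = fsck_commit(body)
        print(name, oid, found or "clean")
```

The evil object still parses as a normal commit (its headers are intact), so nothing but the NUL check distinguishes it; that is why transfer.fsck matters on the receiving side.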