On Tue, Jan 07, 2020 at 03:31:48PM -0500, Santiago Torres Arias wrote: > > > As a side result, this shows that it now costs less than 100k USD to > > > break cryptography with a security level of 64 bits (i.e. to compute > > > 264 operations of symmetric cryptography). > > Just to clarify: > > As a stopgap measure, the collision-detection library of Stevens and Shumow [SS17] > can be used to detect attack attempts (it successfully detects our attack). > > At the end of section 7.0, And if anyone is curious, you can test your build of Git against their sample files by running: $ t/helper/test-tool sha1 <messageA fatal: SHA-1 appears to be part of a collision attack: 8ac60ba76f1999a1ab70223f225aefdc78d4ddc0 Unfortunately you can't test with actual Git objects, because their chosen-prefixes don't have object headers. They do estimate that a classical collision is down to ~11k USD to compute, so maybe we'll see one eventually. :) -Peff
