On Tue, Apr 29, 2008 at 08:17:51PM +0200, Matthieu Moy wrote: > > Here's the standard scenario for a hash collision attack, with > > parties, A, B, and C: > > > > 1. C, the malicious one, computes the standard two pdfs with matching > > sha1 hashes. > > 2. C sends the valid pdf to B through a git commit, and B signs it with a tag. > > 3. C grabs the signature, and then forwards the "signed" commit to A, > > but substitutes the invalid pdf with the same hash. > > Just to add my 2 cents, examples of this are available on the web, > like: > > http://th.informatik.uni-mannheim.de/People/Lucks/HashCollisions/ > > Same size, same hash. But that's with md5, not sha1. Well yes, but that's still using the methods already mentioned in this thread. So you do have to get your "good" code approved before replacing it with something nasty. - Fredrik -- Regards, Fredrik Skolmli -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
