SHA1 collisions proven possisble

valdis.kletnieks at valdis.kletnieks at
Sat Feb 25 22:23:21 UTC 2017

On Sat, 25 Feb 2017 09:26:28 -0800, Richard Hesse said:
> Git prefixes blobs with its own data. You're not going to break git with a
> SHA-1 binary collision. However, svn is very vulnerable to breaking.

And here's the proof-of-concept for svn breakage.  Somebody managed to
make the WebKit svn totally lose its mind by uploading the two PoC PDFs....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list