SHA1 collisions proven possisble

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Sat Feb 25 22:23:21 UTC 2017


On Sat, 25 Feb 2017 09:26:28 -0800, Richard Hesse said:
> Git prefixes blobs with its own data. You're not going to break git with a
> SHA-1 binary collision. However, svn is very vulnerable to breaking.

And here's the proof-of-concept for svn breakage.  Somebody managed to
make the WebKit svn totally lose its mind by uploading the two PoC PDFs....

https://arstechnica.com/security/2017/02/watershed-sha1-collision-just-broke-the-webkit-repository-others-may-follow/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20170225/5b226776/attachment.sig>


More information about the NANOG mailing list