-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 02/23/2017 08:51 PM, Oleg Artemiev wrote:
> a little bit offtopic, everyone is using sha-256, I guess,
>
>
http://shattered.it/
>
> but, btw - any comments to this in Qubes contex:
>
> ----------------------------------------------------cut-----------------------
- --
>
>
>
How is GIT affected?
>
> GIT strongly relies on SHA-1 for the identification and integrity checking
> of all file objects and commits. It is essentially possible to create two
> GIT repositories with the same head commit hash and different contents,
> say a benign source code and a backdoored one. An attacker could
> potentially selectively serve either repository to targeted users. This
> will require attackers to compute their own collision.
> ----------------------------------------------------cut-----------------------
- --
>
>
>
?
>
Hey
You might be interested in this issue:
https://github.com/QubesOS/qubes-issues/issues/2240
- --
Live long and prosper
Robin `ypid` Schneider --
https://me.ypid.de/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYr0fYAAoJEIb9mAu/GkD4reoQAKPvuUxTl9qETXhZmuLJcSb+
4msToekwUrg5pGALC7XAV2DpXTd0UPD4muMNLE4W/F1Ynmm/i7ehe9A1UGyiy3QG
LYMDvJxg0cCPxADgBj0a43KtqaZJ9DvkcQcC6AwHOHw+9UIJjJXqPKj0gK1YFGHU
+FjI9iMEN4DHBMmi7UJ7ZX8Qe0vJ5Hq2lCYoToYmQCa+XYnDwqgjyv6J+RCJqtPr
P4/E5R/pYK36HRzFhXOm0KcnX6WynO7E1kBAdrkO2VpK+rk1QykKIxmnGfEfXaKO
zx8qEPkZqViGAZ4+Y3uuWXAbCjkJ0tOSIxZKXvuJfNSOO+R6+k6tDHzWZxX9+NY2
tf8VDckZOBHJM/Dk02HR1icXcQ+jpB4DfNrjjI8dKv0gJ0jCV/oVN2hsTeeoZri8
0bN0HAuWSrk+CreTrQv23lfjssPzAG1sYU8bofiE4QvuqToIH6FofKpr/RKas+wC
qgk2O86Y1MAZvzZsOgYHvCUFAtCFSjlqm+JuPCAoHowYNbAmpmc4SzgOFVxSKSgk
IzulqwctJXNdrLiJU8IehgZhTR4hAQbuljnctfX0qT/YvpozCII4nTkxBYR4DTCZ
mtQrBnVqv7rkqfNzb5Ri6NGgg3x9eVSBlhM+OQKpSKt+k9CipqrZwMaSJuVQU9vU
ZQdWuDabWIETqtqyOVcd
=YFtl
-----END PGP SIGNATURE-----