|
|
|
|
|
|
by philipn
3402 days ago
|
|
|
You can check out the git developer mailing list discussion here: https://public-inbox.org/git/20170223164306.spg2avxzukkggrpb... My rough summary: given there is no known second-preimage attack on SHA1, this is not an immediate danger to Git security because of the way Git works. The Git developers do want to move to a non-SHA1 hash at some point in the future. Linus, from thread: "I think that's a no-brainer, and we do want to have a path to eventually move towards SHA3-256 or whatever. But I'm very definitely arguing that the current attack doesn't
actually sound like it really even _matters_, because it should be so
easy to mitigate against." |
|
|