|
|
|
|
|
|
by peff
3384 days ago
|
|
|
It is possible; the researchers estimate the likelihood of a false positive at 2^-90 (which puts us back in "Sun engulfs the Earth" territory). There are metrics that will alert GitHub's infrastructure team if a collision is found (to confirm that we aren't seeing any false positives). Those metrics were quietly shipped (without the matching "die") for a week before flipping the final switch. If you want to know more about the patterns, see the sha1collisiondetection project: https://github.com/cr-marcstevens/sha1collisiondetection There's a research paper linked in the README. |
|
|