[Genbox]

Not sure what you are asking, but it is trivially easy to fake a git short hash to whatever you like.

I cloned this repo: https://github.com/bradfitz/gitbrute

Ran the command in the readme (had to do it twice for some reason) and the latest commit is now 000001 on my fork of the repo: https://github.com/Genbox/gitbrute/commit/0000019075dabc337f...

It took less than 3 minutes for the full thing.

[dfawcus]

My example was using cut'n'paste, then cmp, so the full 40 char hash. I don't try comparing those things manually.

As I said trivial to prove valid; and since I was actually reading, using, and compiling the code, quite difficult to achieve a collision in the circumstances.

[zaarn]

Then just fake the first and last characters, not much of an additional challenge, few people compare all characters, they compare the first and last few. I bet that would have even caught you unaware in some moments.