by lvh 1708 days ago
This makes no sense. Sure: you can generate an X.509 certificate that says whatever you want, but the point is that you can validate the signature and see that it's a forgery. In the case of a hash-addressed system like git, the problem is that the signature is over a collision, so it no longer certifies the thing it's supposed to certify. Git uses the hash as a shorthand for a revision, including its entire history--so yes, it is using the hash that way.

By that logic, would MD5 be fine? MD4? CRC32?
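
The point about signatures over hash-addressed content, as an added example that is not part of the comment above: a signature covering only an object id verifies for any content that hashes to that id. Assumptions: HMAC with a constructed key stands in for a real public-key signature, CRC32 is the weak hash, and every function name and input is hypothetical.

```python
import hashlib, hmac, zlib

KEY = b"constructed-demo-key"  # assumption: stands in for a private signing key

def crc32_id(data: bytes) -> str:      # weak 32-bit object id
    return f"{zlib.crc32(data):08x}"

def sha256_id(data: bytes) -> str:     # collision-resistant object id
    return hashlib.sha256(data).hexdigest()

def sign_ref(object_id: str) -> bytes:
    # Like a signed tag or commit, the signature covers the id, not the bytes.
    return hmac.new(KEY, object_id.encode(), hashlib.sha256).digest()

def verify(content: bytes, object_id: str, sig: bytes, hash_fn) -> bool:
    sig_ok = hmac.compare_digest(sig, sign_ref(object_id))
    return sig_ok and hash_fn(content) == object_id

def find_crc32_collision():
    # Birthday search over constructed inputs; ~80k tries expected for 32 bits.
    seen = {}
    for i in range(5_000_000):
        msg = b"constructed revision " + hashlib.sha256(b"%d" % i).digest()[:8]
        h = zlib.crc32(msg)
        if h in seen and seen[h] != msg:
            return seen[h], msg
        seen[h] = msg
    raise RuntimeError("no collision found")

def demo() -> dict:
    signed, other = find_crc32_collision()
    weak_id, strong_id = crc32_id(signed), sha256_id(signed)
    weak_sig, strong_sig = sign_ref(weak_id), sign_ref(strong_id)
    return {
        "distinct_contents": signed != other,
        "crc32_accepts_signed": verify(signed, weak_id, weak_sig, crc32_id),
        "crc32_accepts_other": verify(other, weak_id, weak_sig, crc32_id),
        "sha256_accepts_signed": verify(signed, strong_id, strong_sig, sha256_id),
        "sha256_accepts_other": verify(other, strong_id, strong_sig, sha256_id),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the CRC32 id the signature check passes for content that was never signed; with the SHA-256 id the same check rejects it.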