Reply to post: Re: Other Problems

Hash snag: Security shamans shame SHA-1 standard, confirm crucial collisions citing circa $45k chip cost

Crypto Monad

Re: Other Problems

Two points:

1. git allows signed commits and tags to record the authenticity of a commit. This relies on the SHA-1 for integrity. If you can't trust the SHA-1, you can't trust the signature.

2. with git, you necessarily don't need direct write access to someone's system to mess their data - only the system which they pull from. This could be some cloud service or some self-hosted server.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020