Jeff King wrote: > It's not an identical prefix, but I think collision attacks generally > are along the lines of selecting two prefixes followed by garbage, and > then mutating the garbage on both sides. That would "work" in this case > (modulo the fact that git would complain about the NUL). > > I haven't read the paper yet to see if that is the case here, though.
The current attack is an identical-prefix attack, not chosen-prefix, so not quite to that point yet. The MD5 chosen-prefix attack was 2^15 harder than the known-prefix attack, but who knows if the numbers will be comprable for SHA1. > A related case is if you could stick a "cruft ...." header at the end of > the commit headers, and mutate its value (avoiding newlines). fsck > doesn't complain about that. git log and git show don't show such cruft headers either. BTW, the SHA attack only added ~128 bytes to the pdfs, not really a huge amount of garbage. -- see shy jo
signature.asc
Description: PGP signature
