On Fri, Nov 21, 2014 at 06:32:46PM -0500, Jason Pyeron wrote:

> The whole issue is a lot better than this makes it sound. Yes it is
> just a SHA1 hash, but it is a hash of a structured data format.
> 
> You have very observable parts of that well structured data provided to the
> hash.

Yeah, I glossed over that because I don't know enough about the specific
attacks.  In the worst case, you have a binary file format that lets
people stick arbitrary bits of data in the middle (like the MD5 attacks
on Postscript and PDF files), and you do the collision on the blobs.

But even with that, the sha1s are taken over "blob <n>\0<content>" where
<n> is the number of bytes of <content>. Depending on the exact scheme
for generating probable collisions is less than brute force time, even
that amount of structure may prove problematic. I don't know whether
that is the case for the best-known attacks or not (remember that nobody
has _actually_ generated a sha-1 collision at all yet).

-Peff
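
The "blob <n>\0<content>" framing described in the message above, as an added example that is not part of the original post. It builds the exact bytes git feeds to SHA-1 for a blob and checks that the length header agrees with the content; the function names and sample inputs are constructed for illustration.

```python
import hashlib


def blob_preimage(content: bytes) -> bytes:
    """Bytes that are hashed for a blob: b"blob <n>" + NUL + content."""
    return b"blob " + str(len(content)).encode("ascii") + b"\0" + content


def git_blob_id(content: bytes) -> str:
    """Object ID of a blob: SHA-1 over header plus content, not content alone."""
    return hashlib.sha1(blob_preimage(content)).hexdigest()


def parse_blob(raw: bytes) -> bytes:
    """Validate an uncompressed blob object and return its content.

    Rejects objects whose declared length does not match the payload, so
    the <n> field cannot be detached from what was actually hashed.
    """
    header, sep, content = raw.partition(b"\0")
    if not sep:
        raise ValueError("missing NUL after header")
    kind, _, size = header.partition(b" ")
    if kind != b"blob":
        raise ValueError("not a blob object")
    if not size.isdigit() or (len(size) > 1 and size.startswith(b"0")):
        raise ValueError("length is not a canonical decimal")
    if int(size) != len(content):
        raise ValueError("declared length does not match content")
    return content


if __name__ == "__main__":
    sample = b"hello world\n"  # constructed sample content
    print("preimage :", blob_preimage(sample))
    print("blob id  :", git_blob_id(sample))
    # The raw SHA-1 of the content differs: the header is part of the input.
    print("raw sha1 :", hashlib.sha1(sample).hexdigest())
    try:
        parse_blob(b"blob 4\0abc")  # constructed object with a wrong length
    except ValueError as err:
        print("rejected :", err)
```

The printed blob id for the sample matches what `git hash-object` reports for a file with the same content.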