Scott wrote:
> Please, let's talk about hash collisions responsibly.


Chasing down links from the one Petr provided:

the best read I found was:

  MD5 To Be Considered Harmful Someday

As the author, Dan Kaminsky, states:

> it is far too easy to overestimate the risks described in this paper.

This paper does a good job of explaining the vulnerabilities
that MD5 has, currently (and yes, git uses SHA1 ...).

We have far greater vulnerabilities from intentional or accidental
coding errors, inadequately audited code, root exploits of user
(non-kernel) code, compilation and build tools, unreliable hardware
(how many of us use non-ECC memory - I do), poorly administered
systems, ...

                  I won't rest till it's the best ...
                  Programmer, Linux Scalability
                  Paul Jackson <[EMAIL PROTECTED]> 1.650.933.1373, 
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at

Reply via email to