> But in general, in case of foul play, you have way, way more
> to worry about than whether your hash is going to match!
> 
> (and the attacks we know about for md5 and sha1 are of the "choose preimage
> variety", so it's for files A and B that *the attacker* can choose, not your
> own A file, and a B file chosen by the attacker).

In git's case, you also have to consider that the damage from the attack is
limited by its distributed nature. Maybe someone can create a git object
with the same hash value as a previous one, but this change will not be propagated
across the net, so all the other copies of the original object will be preserved
in the network. And of course, the probability of creating a new git object
with the same hash as a previous one that is also correctly linked is zero.


-- 
Roberto E. Vargas Caballero
----------------------------
k...@shike2.com
http://www.shike2.com
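
An added example (not part of the original message and not git's own code): a simplified Python model of the point made in the message above, that a repository already holding an object does not take a second object with the same id from another repository. The id is truncated to 16 bits so a collision can be found by brute force; `Repo`, `find_colliding_body` and `demo` are hypothetical names, and the first-writer-wins store is the model's assumption.

```python
import hashlib

ID_BYTES = 2  # assumption: id truncated to 16 bits so a collision is cheap to find


def object_id(body: bytes, kind: str = "blob", id_bytes: int = 20) -> str:
    """Git-style id: SHA-1 over '<type> <size>\\0' + body, optionally truncated."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).digest()[:id_bytes].hex()


class Repo:
    """Toy content-addressed store: an id that is already present is never rewritten."""

    def __init__(self):
        self.objects = {}

    def add(self, body: bytes) -> str:
        oid = object_id(body, id_bytes=ID_BYTES)
        self.objects.setdefault(oid, body)  # first writer wins
        return oid

    def fetch_from(self, other: "Repo") -> list:
        """Copy only the ids we lack; return the ids that were transferred."""
        missing = [oid for oid in other.objects if oid not in self.objects]
        for oid in missing:
            self.objects[oid] = other.objects[oid]
        return missing


def find_colliding_body(target: bytes) -> bytes:
    """Brute-force a different body with the same truncated id (16 bits only)."""
    want = object_id(target, id_bytes=ID_BYTES)
    n = 0
    while True:
        candidate = b"substitute %d\n" % n  # constructed sample content
        if candidate != target and object_id(candidate, id_bytes=ID_BYTES) == want:
            return candidate
        n += 1


def demo():
    original = b"int main(void) { return 0; }\n"  # constructed sample content
    upstream, mirror, tampered = Repo(), Repo(), Repo()
    oid = upstream.add(original)
    mirror.fetch_from(upstream)                   # mirror receives the original
    tampered.add(find_colliding_body(original))   # same id, different content
    transferred = mirror.fetch_from(tampered)     # id already present: nothing moves
    return oid, transferred, mirror.objects[oid] == original
```

With the default `id_bytes=20`, `object_id` yields the same value `git hash-object` prints for a blob.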
