And the moment I hit send I realised it's not necessarily true.
Conceivably, a collision attack might help you craft two commits (one
good, one bad) with the same hash.
But I still maintain what I just posted is true: if someone gets
malicious code into the repo, it's going to be by social enginee
The attack Schneier is talking about is a collision attack (i.e. it
creates two messages with the same hash, but you don't get to choose
either of the messages). It's not a second preimage attack, which is
what you would need to be able to create a message that hashes to the
same value of an exist
The threat of a SHA1 collision attack to insert a malicious pull request
are tiny compared with the other threats - e.g. github being compromised,
one of the core developers' passwords being compromised, one of the core
developers going rogue, sourceforge (distribution site) being compromised
etc e
On 2 April 2013 00:10, Will wrote:
> The threat of a SHA1 collision attack to insert a malicious pull request
> are tiny compared with the other threats - e.g. github being compromised,
> one of the core developers' passwords being compromised, one of the core
> developers going rogue, sourceforg
On 1 April 2013 20:28, Petr Praus wrote:
> An attacker would have to find a collision between two specific pieces of
> code - his malicious code and a useful innoculous code that would be
> accepted as pull request. This is the second, much harder case in the
> birthday problem. When people talk
On Mon, Apr 1, 2013 at 9:57 PM, Melvin Carvalho
wrote:
> 1. bitcoin.org -- logical, but no https and github doesnt let you set mime
> types
This one looks also logical to me. I'm not an semantic web expert, but
from what you wrote I suggest to use a subdomain. Would this be
possible for a schema?
On 1 April 2013 11:35, Harald Schilly wrote:
> On Mon, Apr 1, 2013 at 9:59 AM, Melvin Carvalho
> wrote:
> > The first step that needs to be done is to create a "vocabulary" for
> > bitcoin.
>
> Hi, have you checked out databases like OKFN and searched for existing
> vocabularies for payments? I
An attacker would have to find a collision between two specific pieces of
code - his malicious code and a useful innoculous code that would be
accepted as pull request. This is the second, much harder case in the
birthday problem. When people talk about SHA-1 being broken they actually
mean the fir
On Mon, Apr 1, 2013 at 9:59 AM, Melvin Carvalho
wrote:
> The first step that needs to be done is to create a "vocabulary" for
> bitcoin.
Hi, have you checked out databases like OKFN and searched for existing
vocabularies for payments? I don't think it's a great idea to
re-invent it, if there is a
I was just looking at:
https://bitcointalk.org/index.php?topic=4571.0
I'm just curious if there is a possible attack vector here based on the
fact that git uses the relatively week SHA1
Could a seemingly innocuous pull request generate another file with a
backdoor/nonce combination that slips un
I'm working on porting crypto currencies to the semantic web.
The advantages of this is that pages can then become machine readable on
the web allowing new types of innovation and spreading bitcoin information
to a wider audience.
The first step that needs to be done is to create a "vocabulary" f
11 matches
Mail list logo