Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-23 Thread K. Fossil user
1/ Warren the guy who knows nothing about software security talks about software security... Wow. I don't get this. 2/ semi? > « I think Fossil is in a much better position to do this sort of migration > than, say, Git, due to its semi-centralized nature » This would convince people to use Git

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-23 Thread K. Fossil user
Thank you Marc... 1/ I've said that it is needed to let people choose their digest algorithm... a) of course the Fossil team does not take into account what I've said. b) I was wondering in the past when would it be possible to the lambda guy to break the sha1. Finally it is worse than what I've ex

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-23 Thread Joerg Sonnenberger
On Thu, Feb 23, 2017 at 06:12:18PM -0500, Martin Gagnon wrote: > Seems that Git can store both of them, I believe it calculates the sha1 > on a combination of the filename and the content or something like that. No, it stores the object type first, which effectively creates a different block struct

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-23 Thread Warren Young
On Feb 23, 2017, at 10:50 AM, Marc Simpson wrote: > > This may be of interest to some here, especially in light of previous > SHA-1 related discussions on list: > > https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html Before I respond, first know that I respond out of c

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-23 Thread Martin Gagnon
On Thu, Feb 23, 2017 at 03:18:29PM -0800, bch wrote: [snip] > > Or more correctly, "a *subsequent* file with the same sha1 hash..." If you > happened to commit the Trojan file first, the "good" commit would have been > the one to fail. > True, but if you pull from an untrusted user (or give push

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-23 Thread bch
On Feb 23, 2017 15:12, "Martin Gagnon" wrote: On Thu, Feb 23, 2017 at 09:50:12AM -0800, Marc Simpson wrote: > This may be of interest to some here, especially in light of previous > SHA-1 related discussions on list: > > https://security.googleblog.com/2017/02/announcing-first-sha1-collision.h

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-23 Thread Martin Gagnon
On Thu, Feb 23, 2017 at 09:50:12AM -0800, Marc Simpson wrote: > This may be of interest to some here, especially in light of previous > SHA-1 related discussions on list: > > https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html > Also, here's a related discussion from g

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-23 Thread Kees Nuyt
[Default] On Thu, 23 Feb 2017 09:50:12 -0800, Marc Simpson wrote: >This may be of interest to some here, especially in light of previous >SHA-1 related discussions on list: > > https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html Interesting. https://shattered.io/ says:

[fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-23 Thread Marc Simpson
This may be of interest to some here, especially in light of previous SHA-1 related discussions on list: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html /M