summaryrefslogtreecommitdiff
path: root/RelNotes
diff options
context:
space:
mode:
authorLibravatar Ævar Arnfjörð Bjarmason <avarab@gmail.com>2018-03-26 18:27:08 +0000
committerLibravatar Junio C Hamano <gitster@pobox.com>2018-03-27 19:08:31 -0700
commit5988eb631a3a3a42f82c1442fae79001ad2b90e7 (patch)
tree8b96fcd0b241cd0aeafe0501ebcdbf0ffa98bdc0 /RelNotes
parentdoc hash-function-transition: clarify how older gits die on NewHash (diff)
downloadtgif-5988eb631a3a3a42f82c1442fae79001ad2b90e7.tar.xz
doc hash-function-transition: clarify what SHAttered means
Attempt to clarify what the SHAttered attack means in practice for Git. The previous version of the text made no mention whatsoever of Git already having a mitigation for this specific attack, which the SHAttered researchers claim will detect cryptanalytic collision attacks. I may have gotten some of the nuances wrong, but as far as I know this new text accurately summarizes the current situation with SHA-1 in git. I.e. git doesn't really use SHA-1 anymore, it uses Hardened-SHA-1 (they just so happen to produce the same outputs 99.99999999999...% of the time). Thus the previous text was incorrect in asserting that: [...]As a result [of SHAttered], SHA-1 cannot be considered cryptographically secure any more[...] That's not the case. We have a mitigation against SHAttered, *however* we consider it prudent to move to work towards a NewHash should future vulnerabilities in either SHA-1 or Hardened-SHA-1 emerge. Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'RelNotes')
0 files changed, 0 insertions, 0 deletions