On 1 April 2013 20:28, Petr Praus <petr@praus.net> wrote:
An attacker would have to find a collision between two specific pieces of code - his malicious code and a useful innocuous code that would be accepted as pull request. This is the second, much harder case in the birthday problem. When people talk about SHA-1 being broken they actually mean the first case in the birthday problem - find any two arbitrary values that hash to the same value. So, no, I don't think it's a feasible attack vector any time soon.

Besides, with that kind of hashing power, it might be more feasible to cause problems in the chain by e.g. constantly splitting it.

OK, maybe I'm being *way* too paranoid here ... but what if someone had access to github, could they replace one file with one they had prepared at some point?
 


On 1 April 2013 03:26, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
I'm just curious if there is a possible attack vector here based on the fact that git uses the relatively weak SHA1.

Could a seemingly innocuous pull request generate another file with a backdoor/nonce combination that slips under the radar?

Apologies if this has come up before ...

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
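
The two cases distinguished in the thread (any two inputs that collide, versus a second input matching one fixed input) can be measured side by side on git's own blob hashing. This is an added example, not code from the thread or from git; the 16-bit truncation, the function names and the sample contents are assumptions chosen so that it runs in seconds.

```python
import hashlib
from itertools import count

BITS = 16  # assumption: truncate SHA-1 so both searches finish quickly


def git_blob_id(content: bytes) -> str:
    """Object id git assigns to a file: SHA-1 over 'blob <len>\\0' + content."""
    return hashlib.sha1(b"blob %d\0" % len(content) + content).hexdigest()


def short_id(content: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of the git blob id, standing in for the full 160."""
    return int(git_blob_id(content), 16) >> (160 - bits)


def find_collision(bits: int = BITS):
    """First case: any two distinct blobs with the same short id."""
    seen = {}
    for n in count():
        blob = b"candidate-%d\n" % n  # constructed sample content
        h = short_id(blob, bits)
        if h in seen:
            return n + 1, seen[h], blob
        seen[h] = blob


def find_second_preimage(target: bytes, bits: int = BITS):
    """Second case: a different blob matching one fixed, given blob."""
    want = short_id(target, bits)
    for n in count():
        blob = b"replacement-%d\n" % n  # constructed sample content
        if blob != target and short_id(blob, bits) == want:
            return n + 1, blob


if __name__ == "__main__":
    tries, a, b = find_collision()
    print(f"collision after {tries} hashes: {a!r} / {b!r}")
    reviewed = b"int main(void) { return 0; }\n"  # constructed 'accepted' file
    tries, other = find_second_preimage(reviewed)
    print(f"second preimage after {tries} hashes: {other!r}")
    print(f"expected work: ~2^{BITS // 2} vs ~2^{BITS}")
```

At full length the same expected-work gap is roughly 2^80 against 2^160 hash evaluations for an ideal 160-bit function.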