[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] Re: SHA-1 Broken

From: graydon hoare
Subject: [Monotone-devel] Re: SHA-1 Broken
Date: Tue, 15 Feb 2005 23:49:44 -0500
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Dean Kusler wrote:
I'm sure many of y'all have already seen this, but I hadn't seen it posted to the list yet. Preliminary details on Bruce Schneier's blog.

Of course, collision attacks probably aren't that important for Monotone's use of SHA-1, since you'd need to have a malicious person with write access to your database, in which case you're probably screwed anyways.

you'd also need an attacker wealthy enough to scrape up 2^69 work units, in which case you're also probably screwed anyways.

but we should, as a matter of courtesy, update our standard hash to something stronger soon. as soon as there's a community consensus about which hash in particular represents "something stronger".

it's worth noting that any competing system which uses digital signatures as a security mechanism is equally weakened by this exciting development.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]