A set of ideas pertaining to cryptographic validation of Git release branches and artifacts:https://gist.github.com/djspiewak/a6cef156708c6a95906d …
@djspiewak @puffnfresh a collision in and of itself isn't particularly useful though. It really needs to be a preimage attack...
-
-
@bascule@puffnfresh You don’t need a preimage, just a second preimage. The former is much harder, while the latter is basically a collision -
@djspiewak@puffnfresh yes I'm aware :P https://twitter.com/bascule/status/547547376102023168 … and we aren't there yet, nor is there evidence we will be soon... -
@djspiewak@puffnfresh I'm not saying SHA1 isn't terrible, just that there isn't anything promising in this department yet attack-wise -
@bascule@puffnfresh I worry primarily because long term releases are just that, long term.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.