First Successful Collision Attack On the SHA-1 Hashing Algorithm

Artem Tashkinov writes: Researchers from Dutch and Singapore universities have successfully carried out an initial attack on the SHA-1 hashing algorithm by finding a collision at the SHA1 compression function. They describe their work in the paper "Freestart collision for full SHA-1". The work paves the way for full SHA-1 collision attacks, and the researchers estimate that such attacks will become reality at the end of 2015. They also created a dedicated web site humorously called The SHAppening.

Perhaps the call to deprecate the SHA-1 standard in 2017 in major web browsers seems belated and this event has to be accelerated.

what about git?

[slashdice]

Git uses SHA1 so every git repository should now be considered compromised. Dice is holding an all-hands meeting this afternoon to find a replacement. Since sourceforge supports SVN and CVS, we may use them. They're highly performant, easy to use, and (most importantly) their crypto can't be broken since they don't have any.

Re:what about git?

The colliding file will be line noise

I guess Perl projects using git are in trouble.

You can't just string a hash together

[fyngyrz]

Sorry, this isn't that serious. You can't just walk up to a geisha 1 day and in fits and starts
handle all the encoding black-hattery of some random pasha 1 character per line. Seriously, duh
All this won't flip anyone's ricksha 1 morning. Another thing: SSL's still safe. At best it's a
1-time (or... maybe 2) opportunity to replace someone's kasha 1 grain at a time. But probably 1

Re:You can't just string a hash together

[fyngyrz]

LOL, I successfully trolled a mod. :)

That's going to keep me smiling all day!

Deliberately Incoherent Ramblings

LOL, I successfully trolled a mod. :)

That's going to keep me smiling all day!

And here I thought you were just smoking crack.