brent timothy saner via plug on 26 Sep 2022 11:28:16 -0700


Re: [PLUG] free courses, systemd Win, hashquines


On 9/26/22 14:21, Rich Freeman via plug wrote:
> On Sun, Sep 25, 2022 at 8:49 PM Walt Mankowski via plug
> <plug@lists.phillylinux.org> wrote:
>>
>> On Sun, Sep 25, 2022 at 08:22:47PM -0400, Rich Freeman via plug wrote:
>>> So, on the topic of insecure hash algorithms, can anybody spot the
>>> glaring problem with this:
>>> $ git cat-file commit ec9a21e4f51de087744f2f5eb95a82cda673b07e
>>> tree 0b6fab6bb7b543878e599ec60699fb005b434bbc
>> I can't.
>
> Yeah, I could have been less clickbaity.  I'll confess this is also a
> bit of a soap box item for me.
>
> Git still uses sha1 hashes, though I think they're talking about
> adding support for sha256 (no, it isn't impossible to switch or even
> have both).

They've:

* hardened the SHA-1 attack vector since 2.13.0[0]
* worked on implementation of SHA256 support since 2018
** and implemented it in v2.29.0[1], in 2020.


[0] https://git-scm.com/docs/hash-function-transition/
[1] https://lore.kernel.org/lkml/xmqqy2k2t77l.fsf@gitster.c.googlers.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug