subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Hammant <p...@hammant.org>
Subject SHA1 collisions became cheaper to create.
Date Wed, 15 May 2019 06:20:25 GMT
Article: https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/

Subversion makes a SHA1 hash for each resource held. It is certainly
available as part of the detail for a file/resource, but I don't know
to what extend the PUT logic relies on it.

The ZDNet article talks of better algorithms, but perhaps isn't an
authority on which one is best. I wonder if a pluggable design would
work. Separately a mechanism for the server to reject a Subversion
client as too old may be needed.

- Paul

Mime
View raw message