On Mon, Sep 15, 2014 at 7:02 AM, hasufell <hasuf...@gentoo.org> wrote:
> hasufell:
> >
> > * there is no known SHA-1 collision afais
> > * calculating one isn't that hard. NSA might be able to do it in
> >   reasonable time
> > * however, the algorithms to do that will come up with random garbage,
> >   so it's a completely different thing to hide a useful vulnerability
> >   behind a SHA-1 collision
> >
>
> That said... an attacker who has that many resources to calculate a
> _random_ hash collision in reasonable time would certainly have a lot of
> easier attack vectors than forging a _non-random_ hash collision that
> contains actual working code (which, afaiu, doesn't effectively work with
> the current attack algorithms on SHA-1).
>
> He could simply break into one of the ~200 developer computers. There's
> a pretty high chance at least one of them is running Windows or known
> vulnerable versions of the kernel or other random packages.
>
> No need to waste millions of dollars on SHA-1.
>

Even if you wanted to burn the money to find that magical collision that
actually contains working code, you've still got to somehow propagate
that to other repositories, since they'll just ignore it for having the
same hash as an already-existing object.
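The "same hash as an already-existing object" point above rests on two properties of git's object store: an object's id is the hash of `blob <size>\0<content>` (so the id is fully determined by content), and a store that already holds an object with a given id will not replace it with a later arrival. The following is an added example, not code from this thread or from Gentoo or git; it computes real git blob ids with SHA-1 and then models the store with a deliberately weak 8-bit hash (`weak_hash`, an assumption for the demo, since no SHA-1 collision is reproduced here) so that a colliding "evil" payload can be brute-forced and shown to lose to the object that was fetched first. The sample script contents are constructed.

```python
import hashlib
from typing import Callable, Dict, Tuple


def git_blob_id(data: bytes, algo: str = "sha1") -> str:
    """Object id exactly as git computes it: hash over 'blob <size>\\0<content>'."""
    header = b"blob %d\0" % len(data)
    return hashlib.new(algo, header + data).hexdigest()


class ObjectStore:
    """Toy content-addressed store with git's 'first object wins' semantics.

    The hash function is injectable only so a collision can be simulated
    offline; real git always uses its configured object hash.
    """

    def __init__(self, hash_fn: Callable[[bytes], str] = git_blob_id):
        self.hash_fn = hash_fn
        self.objects: Dict[str, bytes] = {}

    def write(self, data: bytes) -> Tuple[str, bool]:
        """Return (object id, stored).

        Mirrors `git hash-object -w` / a fetch: an object whose id already
        exists in the store is treated as already present and not rewritten.
        """
        oid = self.hash_fn(data)
        if oid in self.objects:
            return oid, False
        self.objects[oid] = data
        return oid, True

    def read(self, oid: str) -> bytes:
        return self.objects[oid]


def weak_hash(data: bytes) -> str:
    """Deliberately weak 8-bit hash (demo assumption standing in for SHA-1)
    so a 'collision' can be found by brute force in a few hundred tries."""
    return git_blob_id(data)[:2]


def find_colliding_payload(target: bytes, hash_fn: Callable[[bytes], str],
                           prefix: bytes) -> bytes:
    """Brute-force a different payload whose (weak) hash equals target's.

    With a real hash this search is infeasible; it terminates quickly here
    only because weak_hash has 256 possible outputs.
    """
    want = hash_fn(target)
    n = 0
    while True:
        candidate = prefix + str(n).encode()
        if candidate != target and hash_fn(candidate) == want:
            return candidate
        n += 1


def demo() -> dict:
    # 1. The real thing: git's SHA-1 object id for a blob containing "hello\n".
    real_id = git_blob_id(b"hello\n")

    # 2. The scenario from the thread, with weak_hash standing in for SHA-1.
    store = ObjectStore(hash_fn=weak_hash)
    legit = b"#!/bin/sh\necho legit build script\n"          # constructed sample
    oid, stored = store.write(legit)                         # first arrival is kept
    evil = find_colliding_payload(legit, weak_hash, b"#!/bin/sh\nrm -rf / # ")
    oid2, stored2 = store.write(evil)                        # same id -> ignored

    return {
        "real_id": real_id,
        "oid": oid, "stored": stored,
        "oid2": oid2, "stored2": stored2,
        "survivor_is_legit": store.read(oid) == legit,
    }


if __name__ == "__main__":
    print(demo())
```

`real_id` matches what `git hash-object` prints for a file containing `hello\n`, so the id computation is the genuine one; only the collision search is toy. The store keeps whichever object it saw first, which is why a collision has to be injected before the legitimate object reaches a repository rather than after.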