Simply put, the best known attack on SHA-1 takes 2^69 hash operations. (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html) The attack is still only an unpublished paper and has not yet been implemented.

An attack is: you try as hard as you can to find a collision between two arbitrary messages (i.e. two arbitrary --and nonsensical-- source files). In the context of git, a better estimation would be the number of hash operations needed to find a message that has the same hash as a given fixed message (e.g. mm/memory.c). This is more like 2^100 hash operations. And if a collision is found, this is very likely using a message that *doesn't* look like a C source file...
Moreover, no example of collision is known, AFAIK.

In other words: this won't happen.

Best,
/er.
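The distinction the message draws between colliding two arbitrary messages and matching one given fixed file, as an added example that is not part of the original message. It hashes content the way git names a blob and truncates the id to 16 bits (an assumption, so both searches finish quickly); the function names, trial messages and target content are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # assumption: truncated width so the demo finishes quickly (SHA-1 is 160)

def git_blob_id(content: bytes) -> bytes:
    """SHA-1 the way git names a blob: 'blob <len>\\0' header, then the bytes."""
    return hashlib.sha1(b"blob %d\0" % len(content) + content).digest()

def short_id(content: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of the blob id, standing in for the full hash."""
    return int.from_bytes(git_blob_id(content), "big") >> (160 - bits)

def candidate(i: int) -> bytes:
    """Constructed trial message number i (hypothetical content)."""
    return b"/* trial %d */\n" % i

def find_collision(bits: int = BITS):
    """Any two messages with equal ids. Returns (tries, m1, m2)."""
    seen = {}
    for i in count():
        m = candidate(i)
        h = short_id(m, bits)
        if h in seen:
            return i + 1, seen[h], m
        seen[h] = m

def find_second_preimage(target: bytes, bits: int = BITS):
    """A different message matching one fixed target. Returns (tries, m)."""
    goal = short_id(target, bits)
    for i in count():
        m = candidate(i)
        if m != target and short_id(m, bits) == goal:
            return i + 1, m

# Constructed stand-in for a fixed file such as mm/memory.c
TARGET = b"/* constructed stand-in for a fixed source file */\nint x;\n"

if __name__ == "__main__":
    c_tries, a, b = find_collision()
    p_tries, m = find_second_preimage(TARGET)
    print(f"collision between two arbitrary messages: {c_tries} tries "
          f"(birthday bound ~2^{BITS // 2})")
    print(f"match for the fixed target: {p_tries} tries (~2^{BITS} expected)")
```

For an n-bit hash with no structural weakness, the first search costs about 2^(n/2) tries and the second about 2^n; the figures quoted in the message are its author's.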