I really like this idea.
And we could take a copy of APR's sha1 code, and rejigger it to perform
*both* hashes during the same scan of the raw bytes. I would expect the
time taken to extend by (say) 1.1X rather than a full 2X. The inner loop
might cost a bit more, but we'd only scan the bytes once
Hello,
further on the topic of putting in place remediation for issues that
resulted from SHA-1 collisions (CVE-2005-4900), most recently
demonstrated by material posted on shattered.io, and observed as
recoverable repository corruption on the WebKit repository:
Improving on hooks:
First thanks
Someone just ran into http://subversion.tigris.org/issues/show_bug.cgi?id=3311
on IRC. That page has no indication that it's a static snapshot.
Could we add to that page a pointer to the jira issue tracker?
Or maybe a global notice, to *every* page on subversion.tigris.org,
pointing to https://s
3 matches
Mail list logo
