Author: Petr Praus 2013-04-01 18:28:28
Published on: 2013-04-01T18:28:28+00:00
In a discussion on the Bitcoin-development mailing list, a member named Melvin Carvalho asked whether there was a potential attack vector based on the relatively weak SHA1 encryption that Git uses. The concern was that an attacker could create a pull request containing malicious code that would be accepted as innocuous and then generate another file with a backdoor/nonce combination that goes unnoticed. However, to do so, the attacker would have to find a collision between two specific pieces of code, which is much harder than finding any two arbitrary values that hash to the same value. Furthermore, it might be more feasible for an attacker to cause problems in the chain by constantly splitting it. Ultimately, the consensus was that this type of attack vector was not a feasible one anytime soon.
Updated on: 2023-06-06T11:32:10.307873+00:00