Author: Melvin Carvalho 2013-04-01 21:52:11
Published on: 2013-04-01T21:52:11+00:00
In an email exchange on April 1, 2013, Melvin Carvalho raised concerns about the security of Git's use of SHA-1 for generating hashes. He questioned whether there was a possible attack vector that could be exploited by a seemingly innocuous pull request that generated another file with a backdoor/nonce combination which could slip under the radar. Petr Praus responded, stating that finding a collision between two specific pieces of code is much harder and less feasible than finding any two arbitrary values that hash to the same value. He also suggested that with such hashing power, it might be more feasible to cause problems in the chain by constantly splitting it. While these emails expressed concerns about the security of Git, no known attacks exploiting these vulnerabilities have been reported.
Updated on: 2023-06-06T11:28:48.313173+00:00