I can't seem to use minisign with git, which is my main use for gpg. | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

melvyn2 on Sept 4, 2020 | parent | context | favorite | on: GnuPG 2.2.23

I can't seem to use minisign with git, which is my main use for gpg.

dependenttypes on Sept 4, 2020 [–]

Signing git commits is broken anyway as you are basically signing the commit hash (which is a sha1, whose collision resistance is broken).

cordite on Sept 4, 2020 | [–]

I recall hearing github is planning on Sha-256 some time

some_furry on Sept 4, 2020 | | [–]

They're more likely to employ counter-cryptanalysis [1] in the meantime.

[1] https://github.com/cr-marcstevens/sha1collisiondetection

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact