Signing git commits is broken anyway as you are basically signing the commit has... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

dependenttypes on Sept 4, 2020 | parent | context | favorite | on: GnuPG 2.2.23

Signing git commits is broken anyway as you are basically signing the commit hash (which is a sha1, whose collision resistance is broken).

cordite on Sept 4, 2020 [–]

I recall hearing github is planning on Sha-256 some time

some_furry on Sept 4, 2020 | [–]

They're more likely to employ counter-cryptanalysis [1] in the meantime.

[1] https://github.com/cr-marcstevens/sha1collisiondetection

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact