On 1 April 2013 20:28, Petr Praus wrote:

> An attacker would have to find a collision between two specific pieces of
> code - his malicious code and a useful innocuous code that would be
> accepted as a pull request. This is the second, much harder case in the
> birthday problem. When people talk about SHA-1 being broken they actually
> mean the first case in the birthday problem - find any two arbitrary values
> that hash to the same value. So, no, I don't think it's a feasible attack
> vector any time soon.
>
> Besides, with that kind of hashing power, it might be more feasible to
> cause problems in the chain by e.g. constantly splitting it.

OK, maybe I'm being *way* too paranoid here ... but what if someone had access to github, could they replace one file with one they had prepared at some point?

> On 1 April 2013 03:26, Melvin Carvalho wrote:
>
>> I was just looking at:
>>
>> https://bitcointalk.org/index.php?topic=4571.0
>>
>> I'm just curious if there is a possible attack vector here based on the
>> fact that git uses the relatively weak SHA1
>>
>> Could a seemingly innocuous pull request generate another file with a
>> backdoor/nonce combination that slips under the radar?
>>
>> Apologies if this has come up before ...
>>
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
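The two birthday-problem cases distinguished in this thread can be measured on a shortened git object ID. The following is an added example, not code from any poster or from git: it computes blob IDs the way git does, then counts the tries needed for each case. The 16-bit truncation, the candidate strings and all function names are assumptions chosen so the searches finish quickly.

```python
import hashlib
from itertools import count

def git_blob_id(content: bytes) -> str:
    """ID git gives a file: SHA-1 over the header 'blob <size>' + NUL + content."""
    return hashlib.sha1(b"blob %d\0" % len(content) + content).hexdigest()

def truncated(content: bytes, bits: int) -> int:
    """Top `bits` bits of the blob ID: a toy stand-in for the full 160 bits."""
    return int(git_blob_id(content), 16) >> (160 - bits)

def any_collision(bits: int):
    """Case 1: ANY two distinct blobs with equal truncated IDs (~2**(bits/2) tries)."""
    seen = {}
    for i in count():
        blob = b"candidate %d\n" % i          # constructed sample input
        h = truncated(blob, bits)
        if h in seen:
            return seen[h], blob, i + 1
        seen[h] = blob

def match_fixed_target(target: bytes, bits: int):
    """Case 2: a different blob matching one FIXED blob's ID (~2**bits tries)."""
    want = truncated(target, bits)
    for i in count():
        blob = b"candidate %d\n" % i          # constructed sample input
        if blob != target and truncated(blob, bits) == want:
            return blob, i + 1

if __name__ == "__main__":
    BITS = 16                                  # assumption: toy size, real IDs use 160
    a, b, tries1 = any_collision(BITS)
    print(f"case 1 (any pair):     {tries1} tries, {a!r} vs {b!r}")
    accepted = b"useful patch accepted upstream\n"   # constructed sample input
    other, tries2 = match_fixed_target(accepted, BITS)
    print(f"case 2 (fixed target): {tries2} tries, {other!r}")
    print("full ID of accepted file:", git_blob_id(accepted))
```

`git_blob_id` returns the same value as `git hash-object` for a file, so recomputing it on a local copy and comparing it with an ID obtained from a trusted clone shows whether the hosted file still has the content that was reviewed.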