An attacker would have to find a collision between two specific pieces of code - his malicious code and a useful innoculous code that would be accepted as pull request. This is the second, much harder case in the birthday problem. When people talk about SHA-1 being broken they actually mean the first case in the birthday problem - find any two arbitrary values that hash to the same value. So, no I don't think it's a feasible attack vector any time soon.Besides, with that kind of hashing power, it might be more feasible to cause problems in the chain by e.g. constantly splitting it.
On 1 April 2013 03:26, Melvin Carvalho <melvincarvalho@gmail.com> wrote:------------------------------------------------------------------------------Apologies if this has come up before ...I'm just curious if there is a possible attack vector here based on the fact that git uses the relatively week SHA1Could a seemingly innocuous pull request generate another file with a backdoor/nonce combination that slips under the radar?
Own the Future-Intel® Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game
on Steam. $5K grand prize plus 10 genre and skill prizes.
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development