25 Feb
2017
25 Feb
'17
5:23 p.m.
On Sat, 25 Feb 2017 09:26:28 -0800, Richard Hesse said:
Git prefixes blobs with its own data. You're not going to break git with a SHA-1 binary collision. However, svn is very vulnerable to breaking.
And here's the proof-of-concept for svn breakage. Somebody managed to make the WebKit svn totally lose its mind by uploading the two PoC PDFs.... https://arstechnica.com/security/2017/02/watershed-sha1-collision-just-broke...