📅 Original date posted:2013-04-01
📝 Original message:An attacker would have to find a collision between two specific pieces of
code - his malicious code and a useful innoculous code that would be
accepted as pull request. This is the second, much harder case in the
birthday problem. When people talk about SHA-1 being broken they actually
mean the first case in the birthday problem - find any two arbitrary values
that hash to the same value. So, no I don't think it's a feasible attack
vector any time soon.
Besides, with that kind of hashing power, it might be more feasible to
cause problems in the chain by e.g. constantly splitting it.
On 1 April 2013 03:26, Melvin Carvalho <melvincarvalho at gmail.com> wrote:
> I was just looking at:
>
> https://bitcointalk.org/index.php?topic=4571.0
>
> I'm just curious if there is a possible attack vector here based on the
> fact that git uses the relatively week SHA1
>
> Could a seemingly innocuous pull request generate another file with a
> backdoor/nonce combination that slips under the radar?
>
> Apologies if this has come up before ...
>
>
> ------------------------------------------------------------------------------
> Own the Future-Intel® Level Up Game Demo Contest 2013
> Rise to greatness in Intel's independent game demo contest.
> Compete for recognition, cash, and the chance to get your game
> on Steam. $5K grand prize plus 10 genre and skill prizes.
> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130401/8f2483a3/attachment.html>;
Petr Praus [ARCHIVE] /
npub1jl…mzsyg
2023-06-07 11:42:33
in reply to nevent1q…ahsa
Author Public Key
npub1jl9phmfrflkqfm34r2mn9yszrwgpmdq8nh4s0y00xr7yy83ug48sumzsygPublished at
2023-06-07 11:42:33Event JSON
{
"id": "39097abc03fe147f8dbc04237d72573305dea68cf1adc3b25862238229980187",
"pubkey": "97ca1bed234fec04ee351ab73292021b901db4079deb0791ef30fc421e3c454f",
"created_at": 1686138153,
"kind": 1,
"tags": [
[
"e",
"376915607cf28908297a49c1e3bfa7d2a09a4c98505d9700468cfd7dda18d84b",
"",
"root"
],
[
"e",
"53392e29184f6856da0e9846477d7af6fc1e99b5a081c09f934580aecaa03b84",
"",
"reply"
],
[
"p",
"e316966328c4cb66c34719ef9a7b3bc54ef601663ad4ab06185991237735aa19"
]
],
"content": "📅 Original date posted:2013-04-01\n📝 Original message:An attacker would have to find a collision between two specific pieces of\ncode - his malicious code and a useful innoculous code that would be\naccepted as pull request. This is the second, much harder case in the\nbirthday problem. When people talk about SHA-1 being broken they actually\nmean the first case in the birthday problem - find any two arbitrary values\nthat hash to the same value. So, no I don't think it's a feasible attack\nvector any time soon.\n\nBesides, with that kind of hashing power, it might be more feasible to\ncause problems in the chain by e.g. constantly splitting it.\n\n\nOn 1 April 2013 03:26, Melvin Carvalho \u003cmelvincarvalho at gmail.com\u003e wrote:\n\n\u003e I was just looking at:\n\u003e\n\u003e https://bitcointalk.org/index.php?topic=4571.0\n\u003e\n\u003e I'm just curious if there is a possible attack vector here based on the\n\u003e fact that git uses the relatively week SHA1\n\u003e\n\u003e Could a seemingly innocuous pull request generate another file with a\n\u003e backdoor/nonce combination that slips under the radar?\n\u003e\n\u003e Apologies if this has come up before ...\n\u003e\n\u003e\n\u003e ------------------------------------------------------------------------------\n\u003e Own the Future-Intel\u0026reg; Level Up Game Demo Contest 2013\n\u003e Rise to greatness in Intel's independent game demo contest.\n\u003e Compete for recognition, cash, and the chance to get your game\n\u003e on Steam. $5K grand prize plus 10 genre and skill prizes.\n\u003e Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d\n\u003e _______________________________________________\n\u003e Bitcoin-development mailing list\n\u003e Bitcoin-development at lists.sourceforge.net\n\u003e https://lists.sourceforge.net/lists/listinfo/bitcoin-development\n\u003e\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130401/8f2483a3/attachment.html\u003e",
"sig": "aef247891b55efb18060616aea24dd8db9400cc966c006d5204dece48350801149fef7a9d053c93d756d98b106b493ebc152a66060650861b10a088b70d87feb"
}