[Cryptography] Just in case it isn't obvious...
Bill Cox
waywardgeek at gmail.com
Mon Feb 27 07:47:12 EST 2017
On Fri, Feb 24, 2017 at 5:27 PM, Ron Garret <ron at flownet.com> wrote:
>
> There is an easy short-term mitigation for this: before computing the hash
> of any object longer than 319 bytes, compute the hash of the first 320
> bytes and check if it is f92d74e3874587aaf443d1db961d4e26dde13e9c. If
> it is, throw an error. But of course that will only work until the next
> SHA1 collision is found.
>
I found another simple fix for git. I thought it would be really hard,
because "SHA1" is a hard-coded call in ~1,000 places. Instead, just define
a new function called sha1. I've added a BLAKE2b wrapper locally. It was
a tiny change, makes it more secure, and is faster than SHA1.
Bill
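
The prefix check quoted above, written as a single-pass streaming hash, plus a 160-bit BLAKE2b function in the spirit of the reply. This is an added example, not code from the thread or from git; the names `guarded_sha1`, `blake2b_160` and `CollisionPrefixError` are hypothetical, and the 20-byte BLAKE2b digest size is an assumption.

```python
import hashlib
import io

PREFIX_LEN = 320
# Digest quoted in the thread for the first 320 bytes of the colliding files.
KNOWN_BAD_PREFIXES = frozenset({"f92d74e3874587aaf443d1db961d4e26dde13e9c"})


class CollisionPrefixError(ValueError):
    """The object begins with a blocklisted 320-byte prefix."""


def guarded_sha1(stream, blocklist=KNOWN_BAD_PREFIXES, chunk_size=65536):
    """SHA-1 hex digest of a binary stream; raises on a blocklisted prefix."""
    head = b""
    while len(head) < PREFIX_LEN:          # read() may return short chunks
        part = stream.read(PREFIX_LEN - len(head))
        if not part:
            break
        head += part
    h = hashlib.sha1(head)
    # Only objects longer than 319 bytes are checked. hexdigest() does not
    # finalise the state, so the same object keeps hashing the remainder.
    if len(head) == PREFIX_LEN and h.hexdigest() in blocklist:
        raise CollisionPrefixError("known SHA-1 collision prefix")
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def blake2b_160(data):
    """Hypothetical stand-in for the reply's idea: BLAKE2b cut to SHA-1's
    20-byte length (the digest size is an assumption, not from the thread)."""
    return hashlib.blake2b(data, digest_size=20).hexdigest()


if __name__ == "__main__":
    # Constructed sample: a harmless prefix placed on a test blocklist,
    # because the real colliding bytes are not reproduced here.
    prefix = bytes(range(256)) + bytes(64)
    test_list = {hashlib.sha1(prefix).hexdigest()}
    print(guarded_sha1(io.BytesIO(b"abc")))
    try:
        guarded_sha1(io.BytesIO(prefix + b"tail"), test_list)
    except CollisionPrefixError as exc:
        print("rejected:", exc)
    print(blake2b_160(b"abc"))
```

The blocklist is a set so that further prefix digests can be added as new collisions are published, which is the limitation the quoted message points out.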