top | item 22236685

(no title)

The author does seem to concede that hitting all the checkmarks in an attack on git would be pretty tricky:

> An attacker would not just have to do that, though; this new version would have to contain the desired hostile code, still function as a working floppy driver, and not look like an obfuscated C code contest entry

The whole idea is that they want to switch away before these things become likely. They are unlikely now, but SHA-1 is only getting weaker as time goes by and more research is done.

discuss

pdonis|6 years ago

> and not look like an obfuscated C code contest entry

The full quote here is even better:

"and not look like an obfuscated C code contest entry (at least not more than it already does)."