hasufell schrieb:
On 11/04/2015 09:56 AM, Andrew Savchenko wrote:
No, it is not. The whole git tree is insecure and no better than
rsync or CVS in terms of data security because SHA1 is vulnerable.
Another one who is confusing _any_ collision with _preimage attack_ ;)
While Andrew's view is very pessimistic here, yours is decidedly optimistic.
There is no known computationally feasible preimage attack against MD5,
still that hash function is broken in serious ways with attacks already
having real-world consequences.
It would be quite naïve to assume that SHA1 will remain secure until a
preimage attack is found.
Best regards,
Chí-Thanh Christopher Nguyễn
