Signing git commits is broken anyway as you are basically signing the commit has... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dependenttypes on Sept 4, 2020 \| parent \| context \| favorite \| on: GnuPG 2.2.23 Signing git commits is broken anyway as you are basically signing the commit hash (which is a sha1, whose collision resistance is broken).

cordite on Sept 4, 2020 [–]

I recall hearing github is planning on Sha-256 some time

some_furry on Sept 4, 2020 | [–]

They're more likely to employ counter-cryptanalysis [1] in the meantime.

[1] https://github.com/cr-marcstevens/sha1collisiondetection

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact