Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Unless someone is very good at finding SHA1 collisions.


The collisions need to deliver malicious payload as well, making it extra hard


Those are still very hard to get for a random hash, and GitHub I think warns (or blocks?) you if you try to push a hash with a known vulnerability.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: