Unless someone is very good at finding SHA1 collisions. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bqmjjx0kac on June 24, 2023 \| parent \| context \| favorite \| on: Millions of GitHub repos likely vulnerable to Repo... Unless someone is very good at finding SHA1 collisions.

NhanH on June 24, 2023 | [–]

The collisions need to deliver malicious payload as well, making it extra hard

manwe150 on June 24, 2023 | [–]

Those are still very hard to get for a random hash, and GitHub I think warns (or blocks?) you if you try to push a hash with a known vulnerability.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact