niconiconi [MOVED]

#TIL Back in 2005, John Gilmore and Zooko (both are well-known cypherpunks) told Linus Torvalds he should avoid using SHA-1 in git right now before it's too late, since it was already theoretically unsound. Linus completely rejected this suggestion. :blobfacepalm: He said the attack is theoretical, and git's hash is not meant for security anyway - if you want to use git securely, you should only trust your local tree and never pull code from a public server. :blobfacepalm:

This decision basically summarizes the upstream kernel community's historical attitude on security mitigations...

RT @bascule@twitter.com: 2005 John Gilmore vs Linus Torvalds on SHA1 "debate" in a nutshell metzdowd.com/pipermail/cryptog

RT @zooko@twitter.com: I, too, begged Linus not to use SHA1 and he (indirectly) mocked me for it. IIRC I suggested that they use Tiger-192 instead. If they had, it would still be working fine and would not require an upgrade.

#infosec #git #cryptography #crypto #cypherpunk

1
LucifarGundam
Follow

@niconiconi
I feel this meme should be used more often in reference to easily avoidable security threats.

· · 0 · 0 · 0
Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.

Trending now

Resources

Developers

What is Mastodon?

qoto.org

More…

v3.5.19-qoto · Privacy policy