Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Detect SHA-1 collision based on the published attack [1]

Download Browse

It is a more generic way to detect a collision that the one we currently have. The detection method we currently have is only able to detect the published collision so far. With this contribution we are able to detect collision created in a similar way than the existing one. To have more information on how the detection works please report to [2]. This is part of request #10015: SHA-1 colliding files can break Subversion repository [1] https://shattered.io/static/shattered.pdf [2] https://marc-stevens.nl/research/papers/C13-S.pdf Change-Id: Id2b3e2bd800da8503850a70aa4852c022d317de9

+15 −5
Thomas Gerbet (tgerbet) 2017-04-03 21:47
Thomas Gerbet (tgerbet) 2017-04-03 22:00
b2e7955f3161c6448dfbb4123b3ddf570c88bd8e
3af774472da109a9d6f1cbae3799ec867114fd02
git #tuleap/stable/b2e7955f3161c6448dfbb4123b3ddf570c88bd8e

Modified Files

Side by side diff
Inline diff
Name
M src/common/svn/SHA1CollisionDetector.php +13 −5 Go to diff View file
M tools/rpm/tuleap.rhel6.spec +1 −0 Go to diff View file
M tools/rpm/tuleap.rhel7.spec +1 −0 Go to diff View file