Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use
CollisionDetection
SHA1 backend within libgit2
libgit2 supports SHA1 collision detection [0], which basically identifies files that have distinctive sequences of bytes that show they have been hand-crafted to defeat SHA1, and instead alters the SHA1 hashing algorithm to do something different for those bytestreams. This "hardens" the SHA1 implementation, and importantly for us, doesn't introduce any extra dependencies such as libssl. [0]: https://blog.github.com/2017-03-20-sha-1-collision-detection-on-github-com/
- Loading branch information