25 Jan
2008
25 Jan
'08
5:41 a.m.
* zooko wrote:
This makes the choice of SHA-1 for the patch-id-generation function wholly inappropriate. We already know that SHA-1 doesn't have collision resistance, and there is reason to suspect that in the near future it will turn out that it doesn't have second-pre-image resistance either.
Calm down! The found collisions in SHA-1 require some very specific environment choices. I doubt darcs will allow those preconditions.