Off the top of my head: git can only use sha1 which makes it unsuitable for any ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		shykes on Aug 2, 2016 \| parent \| context \| favorite \| on: Show HN: Noms – A new decentralized database based... Off the top of my head: git can only use sha1 which makes it unsuitable for any use case where you need to cryptographically verify the origin of data (so far nobody was able to tell me definitely how secure git signed commits and tags really are).

lilyball on Aug 2, 2016 [–]

Assuming SHA1 has second pre-image resistance (which it currently still does), the security of git signed commits/tags is the same thing as the security of the private key used to sign the commits/tags.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact