Mastodawn

2/2 Here are some highlights. Read the full paper here: https://link.springer.com/article/10.1007/s10601-025-09383-0

#ConstraintProgramming #Security #Cryptology #Cryptography #CryptographicHashFunctions #ConflictDrivenClauseLearning #BooleanSatisfiability #MD5 #SHA1 #SHA256

Constraints Journal Feb 23

1/2 Exciting news: we just published a new paper: "Preimage attacks on round-reduced MD5, SHA-1, and SHA-256 using parameterized SAT solver", by Oleg Zaikin

If you are interested in security, cryptology, or Constraint Programming, definitely give this paper a read!

https://link.springer.com/article/10.1007/s10601-025-09383-0

#ConstraintProgramming #Security #Cryptology #Cryptography #CryptographicHashFunctions #ConflictDrivenClauseLearning #BooleanSatisfiability #MD5 #SHA1 #SHA256

adlerweb // BitBastelei Feb 10

Seit mindestens 2015 ist klar, dass #SHA1 kaputt ist
Seit 2022 sagt #NIST, man soll SHA1 nicht nutzen
Seit 2025 ist angekündigt, dass #Debian SHA1 ab Februar 2026 nicht mehr akzeptieren wird.

Und jetzt ratet mal, wer zum Stichtag immer noch SHA1 nutzt und wessen Software daher nicht mehr installiert/aktualisiert werden kann.

- Microsoft #Azure
- #Ubiquity
- Teile von #NodeJS

Also die Bereiche, in denen Security ja offensichtlich keinerlei Relevanz hat.

Sikorski Arkadiusz Feb 2

Warning: Failed to fetch http://apt.llvm.org/trixie/dists/llvm-toolchain-trixie-20/InRelease Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421 is not bound: No binding signature at time 2025-08-09T21:49:56Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
#llvm #programing #linux #sha1 #apt
--> https://github.com/llvm/llvm-project/issues/179147

kpcyrd 🏴Jan 12

My #2026 resolution was field-testing sha256 git repos and I converted one of my minor projects, but since Github only supports sha1 I've moved the repository to codeberg:

https://codeberg.org/kpcyrd/ssh-keyonly

Everything else worked well. I'm also mirroring the repo to Arch Linux' Gitlab. Gitlab's UI didn't support creating sha256 repos, but this can be bypassed through the "import repository" feature.

I've used this guide, which was very helpful: https://cybrkyd.com/post/how-to-convert-a-sha1-git-repository-to-sha256/

#git #sha256 #sha1 #rust #codeberg

ssh-keyonly

Audit an ssh server for supported authentication methods

Codeberg.org

Jonathan Kamens 86 47 Jan 1

#TechIsShitDispatch
It's been more than a year since #Debian #Linux deprecated the insecure #SHA1 hash algorithm in #APT repositories.
The #Keybase, #Slack, and #Dropbox repositories (I'm sure among others) are still using SHA1, and therefore for over a year they have not worked in Debian without changing the default APT policies to allow them.
I know Slack knows about this, because I told them. A year ago.
Why haven't they upgraded the security on their repository?
Seriously, wtf?
#infosec

Diego Córdoba 🇦🇷Jun 17, 2025

20 años de #git... qué loco, y qué enorme pieza de software.

Interesante artículo, me quedo con la frase de Linus Torvalds sobre el uso de #SHA1 para verificar integridad de los archivos en Git:

"But to me, SHA-1 hashes were never about the security. It was about finding corruption."

No siempre los mecanismos criptográficos se utilizan para brindar seguridad, y algoritmos que son inseguros en algunas aplicaciones pueden ser perfectamente válidos en otras.

https://devclass.com/2025/04/11/20-years-of-git-never-a-big-thing-for-me-says-inventor-linus-torvalds/

20 years of Git: 'Never a big thing for me,' says inventor Linus Torvalds • DEVCLASS

Git, the dominant version control system for code, is 20 years old this month, but inventor Linus Torvalds […]

DEVCLASS

`Da Elf May 16, 2025

Interesting.

Collabora CODE server won't install on Alma Linux 9 ... beeecauuuse their Repo gpg key is using a SHA1 hash and Alma 9 says Nuh-Uh.

*Blink *Blink

Now I can set the policy to use SHA1 if I want to, aaaand I don't really want to.

THey're going to make me run this in a docker, aren't they.

#CollaboraOfficeOnline #AlmaLinux9 #GPG #SHA1 #OMGWTF #SysAdmin

Kingsley Uyi Idehen Jan 26, 2012

Example of a verifiable #Identity claim publication via a Tweet: #X509Cert di:sha1;KDF8kooXLSZZuylCH8jJMQKmhoQ :) #SHA1 #WebID #URI

Kingsley Uyi Idehen Jan 10, 2012

#X509Cert Fingerprint:C49C11C48830913D67597A07072ACD716BDD1B14 #SHA1 ; Subject Alt. Name: .