commit-signing

Tag

Cards List
#commit-signing

Git Hash Chain Malleability

Hacker News Top · 2026-07-07 Cached

A research paper reveals that Git commit hashes can be malleated to produce a second valid commit with a different hash but identical content and valid signature, undermining trust in commit hash integrity and supply-chain security.

0 favorites 0 likes
#commit-signing

@IntCyberDigest: BREAKING: New research shows you can copy any signed GitHub commit into a second one that looks identical, without the …

X AI KOLs Timeline · 2026-07-07 Cached

New research from Carnegie Mellon shows that it's possible to create a distinct signed commit that appears identical to any existing signed commit, with a valid signature and GitHub 'Verified' badge, undermining the uniqueness of commit hashes as cryptographic fingerprints.

0 favorites 0 likes
← Back to home

Submit Feedback