signature-malleability

Tag

Cards List
#signature-malleability

New Research: A "Verified" GitHub Commit Is NOT Unique

Lobsters Hottest · 2026-07-07 Cached

A new preprint by Jacob Ginesin reveals that verified GitHub commits can be manipulated to produce multiple valid signatures with different hashes, undermining the assumption of uniqueness and affecting supply-chain security.

0 favorites 0 likes
← Back to home

Submit Feedback