Recent press[1] is talking about sha-1 collisions again. Even though
the reported attack was against a weakened variant of sha-1 (64, not 80,
passes), it serves as a useful point to start talking about the future.
I argue that sha-256 is better suited to git's purposes, and to modern
machines, than sha-1.
Upsides to sha-256:
* not just a bit increase, but a stronger algorithm. there is more
mixing, doing a more-than-incrementally better job at avoiding collisions.
* the bit increase itself provides more hash space, theoretically
reducing collisions.
* properly aligned, a set of 32-byte hashes won't straddle CPU cachelines.
Downsides to sha-256:
* git protocol/storage format change implications.
* increase in storage size (20 to 32 bytes per hash).
* fewer hand-optimized algorithm variants have been implemented.
* likely more CPU cycles per hash, though I haven't measured.
Wikimedia page has lotsa info:
http://en.wikipedia.org/wiki/Secure_Hash_Algorithm
Maybe sha-256 could be considered for the next major-rev of git?
Jeff
[1] http://www.heise-security.co.uk/news/77244
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html