On Thu, Dec 1, 2011 at 1:05 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote: > Nguyen Thai Ngoc Duy <pclouds@xxxxxxxxx> writes: > >> What I'm thinking is whether it's possible to decouple two sha-1 roles >> in git, as object identifier and digest, separately. > > Why it would be a good thing? If you have a collided identifier, somebody > has to choose which blob a particular tree wants to have at the path, and > because the tree would not record anything but the identifier, you cannot. Accidental collision likelihood is small enough we don't have to care about. >> ... >> The day sha-1 is broken, a project can generate new digests from its >> old good repo and enforce developers to use new digests for >> verification instead of sha-1. sha-1 is still used by git as >> identifier after that day. > > And an old blob that is identified with a SHA-1 now has a new blob that > has different contents but happens to have the same SHA-1. How does Git > decide which blob to use when a particular object is named by the SHA-1? Again, I assume the likelihood that a content happens to have the same sha-1 with another one is too low to care about. If they are, it's must be an attack. We do not allow malicious objects to enter in the first place using other digests. Once objects are in, they are safe to use. -- Duy -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html