On Fri, Dec 02, 2011 at 12:08:39AM -0800, Bill Zaumen wrote:

> At one point Nguyen said that "What I'm thinking is whether it's
> possible to decouple two sha-1 roles in git, as object identifier
> and digest, separately. Each sha-1 identifies an object and an extra
> set of digests on the "same" object."
>
> My code pretty much does that (it just uses a CRC instead of a real
> digest, but I can easily change that). So the question is whether
> using SHA-1 as an ID and SHA-256(?) as a digest is a better long term
> solution than simply replacing SHA-1.

I think your code is solving the wrong problem (or solving the right
problem in a half-way manner). The only things that make sense to me are:

  1. Do nothing. SHA-1 is probably not broken yet, even by the NSA, and
     even if it is, an attack is extremely expensive to mount. This may
     change in the future, of course, but it will probably stay expensive
     for a while.

  2. Decouple the object identifier and digest roles, but insert the
     digest into newly created objects, so it can be part of the
     signature chain. I described such a scheme in one of my replies to
     you. It has some complexities, but has the bonus that we can build
     directly on older history, preserving its sha1s.

  3. Replace SHA-1 with a more secure algorithm.

I'm probably in favor of (1) at this point. Whether to do (2) or (3) will
depend on where we are when SHA-1 gets feasibly broken. It may be many
years away, at which point we may be considering a git 2.0 that breaks
repository compatibility, anyway. That would be a natural time to
consider changing the algorithm.

> Replacing SHA-1 with something like SHA-256 sounds easier to implement,
> but the problem is all the existing repositories.

Right. I don't think anyone is denying that it would be a giant pain.

-Peff
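Option (2) above, decoupling the identifier role from the digest role while keeping old SHA-1 names, is easier to reason about with a toy model in hand. The following is an added example written for this page, not code from the thread or from git: an in-memory object store (the `STORE` dict, `make_*`, `verify` and `build_history` names are this example's own) in which SHA-1 still names every object, but each newly created tree or commit also records a SHA-256 digest of the raw bytes of everything it points to. Legacy objects record the placeholder `-` instead of a digest, so new history can be built on top of them with their SHA-1 names unchanged. `verify` walks a commit and flags any reference whose stored bytes no longer match the recorded SHA-256; the tampering in the test is simulated by overwriting the store under an existing id, no real collision is computed.

```python
import hashlib

# In-memory object store: SHA-1 object id -> raw framed bytes (constructed model).
STORE = {}
NO_DIGEST = "-"  # marker written by legacy objects created before digests existed


def raw_object(kind: str, payload: bytes) -> bytes:
    """Git-style framing of an object: '<kind> <len>\\0<payload>'."""
    return kind.encode() + b" " + str(len(payload)).encode() + b"\0" + payload


def object_id(raw: bytes) -> str:
    """Role 1: SHA-1 names the object, so existing ids keep working."""
    return hashlib.sha1(raw).hexdigest()


def digest(raw: bytes) -> str:
    """Role 2: SHA-256 is the integrity digest embedded in referring objects."""
    return hashlib.sha256(raw).hexdigest()


def put(kind: str, payload: bytes) -> str:
    raw = raw_object(kind, payload)
    oid = object_id(raw)
    STORE[oid] = raw
    return oid


def ref_line(label: str, oid: str, with_digest: bool) -> bytes:
    """One reference line: '<label> <sha1 id> <sha256 digest or ->'."""
    d = digest(STORE[oid]) if with_digest else NO_DIGEST
    return f"{label} {oid} {d}\n".encode()


def make_blob(content: bytes) -> str:
    return put("blob", content)


def make_tree(entries: dict, with_digest: bool = True) -> str:
    # entries: file name (no spaces in this toy format) -> blob id
    payload = b"".join(ref_line(f"blob {name}", oid, with_digest)
                       for name, oid in sorted(entries.items()))
    return put("tree", payload)


def make_commit(tree: str, parents: list, message: bytes, with_digest: bool = True) -> str:
    payload = ref_line("tree", tree, with_digest)
    payload += b"".join(ref_line("parent", p, with_digest) for p in parents)
    return put("commit", payload + b"\n" + message)


def parse_refs(raw: bytes) -> list:
    """Return (kind, referenced id, recorded digest) for each reference line."""
    header, _, payload = raw.partition(b"\0")
    if header.split()[0] == b"blob":
        return []
    refs = []
    for line in payload.split(b"\n\n", 1)[0].decode().splitlines():
        parts = line.split()
        if parts and parts[0] in ("tree", "parent", "blob"):
            refs.append((parts[0], parts[-2], parts[-1]))
    return refs


def verify(oid: str, seen: set = None) -> list:
    """Walk from a commit; recompute SHA-256 over each referenced object's
    stored bytes and compare with the digest the referrer recorded.
    Returns (referrer, referenced) pairs that are missing or mismatched.
    References recorded with '-' (legacy history) are not checked."""
    seen = set() if seen is None else seen
    if oid in seen:
        return []
    seen.add(oid)
    problems = []
    for _kind, child, recorded in parse_refs(STORE[oid]):
        if child not in STORE:
            problems.append((oid, child))
            continue
        if recorded != NO_DIGEST and digest(STORE[child]) != recorded:
            problems.append((oid, child))
        problems.extend(verify(child, seen))
    return problems


def tamper(oid: str, new_content: bytes) -> None:
    """Simulate a second preimage: different bytes stored under the same id."""
    STORE[oid] = raw_object("blob", new_content)


def build_history() -> dict:
    """Legacy commit without digests, then a new commit built on top of it."""
    STORE.clear()
    ids = {}
    ids["old_blob"] = make_blob(b"v1\n")
    ids["old_tree"] = make_tree({"README": ids["old_blob"]}, with_digest=False)
    ids["old_commit"] = make_commit(ids["old_tree"], [], b"legacy commit", with_digest=False)
    ids["new_blob"] = make_blob(b"v2\n")
    ids["new_tree"] = make_tree({"README": ids["new_blob"]})
    ids["new_commit"] = make_commit(ids["new_tree"], [ids["old_commit"]], b"new commit")
    return ids
```

Running `verify(ids["new_commit"])` on a freshly built history returns an empty list; after `tamper(ids["new_blob"], ...)` it reports the new tree's reference to that blob. Tampering with `old_blob` is not reported, which is the caveat of this scheme: objects that predate the digests stay protected only by their SHA-1 names, so the stronger guarantee grows forward from the point at which digests were introduced and never covers the older history.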