Hi, Johannes Schindelin wrote: > On Fri, 2 Jun 2017, Jonathan Nieder wrote: >> Johannes Schindelin wrote: >>> Maybe we should call out a specific month (or even a longer period) during >>> which we try to push toward that new hash function, and focus more on >>> those tasks (and on critical bug fixes, if any) than anything else. >> >> Thanks for offering. ;-) > > Undoubtedly my lack of command of the English language is to blame for > this misunderstanding. > > By no means did I try to indicate that I am ready to accept the > responsibility of working toward a new hash dumped on me. It was a joke. More seriously, I do appreciate your questions to get this discussion going. [...] > 3) the only person who could make that call is Junio I strongly disagree with this. > 4) we still have the problem that there is no cryptography expert among > those who in the Git project are listened to *shrug* I still don't know what you are suggesting here. Are you saying we should find a cryptography expert to pay? Or do you have other specific suggestions of how to attract them? >> How did you get the impression that their opinion had no impact? We have >> been getting feedback about the choice of hash function both on and off >> list from a variety of people, some indisputably security experts. >> Sometimes the best one can do is to just listen. > > I did get the impression by talking at length to a cryptography expert who > successfully resisted any suggestions to get involved in the Git mailing > list. I know of other potential Git contributors that have resisted getting involved in the Git mailing list, too. I still don't know what you are suggesting here. Forgive me for being dense. > There were also accounts floating around on Twitter that a certain > cryptography expert who dared to mention already back in 2005 how > dangerous it would be to hardcode SHA-1 into Git was essentially shown the > finger, and I cannot fault him for essentially saying "I told you so" > publicly. I think there is a concrete suggestion embedded here: when discussions go in an unproductive direction, my usual practice has been to keep away from them. This means that to a casual observer there can appear to be a consensus that doesn't really exist. We need to do better than that: when a prominent contributor like Linus and people newer to the project are emphatically dismissing the security impact of using a broken hash function, others in the project need to speak up to make it clear that those are not the actual opinions of the project. To put it another way: "The standard you walk past is the standard you accept". I have failed at this. It is a very hard problem to solve, but it is worth solving. > In my mind, it would have made sense to ask well-respected cryptographers > about their opinions and then try to figure out a consensus among them (as > opposed to what I saw so far, a lot of enthusastic talk by developers with > little standing in the cryptography community, mostly revolving around > hash size and speed as opposed to security). And then try to implement > that consensus in Git. Given my recent success rate with SHA-1 related > concerns, I am unfortunately not the person who can bring that about. > > But maybe you are. I think you are being a bit dismissive of both the work done so far and the value of your own work. I am happy to solicit more input from security researchers, though, and your suggestion to do so is good advice. Thanks and hope that helps, Jonathan