Hi Dan, Dan Shumow wrote: [replying out of order for convenience] > However, I agree with Adam Langley that basically all of the > finalists for a hash function replacement are about the same for the > security needs of Git. I think that, for this community, other > software engineering considerations should be more important to the > selection process. Thanks for this clarification, which provides some useful context to your opinion that was previously relayed by Dscho. [...] > So, as one of the coauthors of the SHA-1 collision detection code, I > just wanted to chime in and say I'm glad to see the move to a longer > hash function. Though, as a cryptographer, I have a few thoughts on > the matter that I thought I would share. > > I think that moving to SHA256 is a fine change, and I support it. More generally, thanks for weighing in and for explaining your rationale. Even (especially) having already made the decision, it's comforting to hear a qualified person endorsing that choice. Sincerely, Jonathan
