Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes: > On Thu, Aug 23 2018, Junio C Hamano wrote: > >> Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes: >> >>>> - The trailer consists of the following: >>>> - A copy of the 20-byte SHA-256 checksum at the end of the >>>> corresponding packfile. >>>> >>>> - 20-byte SHA-256 checksum of all of the above. >>> >>> We need to update both of these to 32 byte, right? Or are we planning to >>> truncate the checksums? >> >> https://public-inbox.org/git/CA+55aFwc7UQ61EbNJ36pFU_aBCXGya4JuT-TvpPJ21hKhRengQ@xxxxxxxxxxxxxx/ > > Thanks. > > Yeah for this checksum purpose even 10 or 5 characters would do, but > since we'll need a new pack format anyway for SHA-256 why not just use > the full length of the SHA-256 here? We're using the full length of the > SHA-1. > > I don't see it mattering for security / corruption detection purposes, > but just to avoid confusion. We'll have this one place left where > something looks like a SHA-1, but is actually a trunctated SHA-256. I would prefer to see us at least explore if the gain in throughput is sufficiently big if we switch to weaker checksum, like crc32. If does not give us sufficient gain, I'd agree with you that consistently using full hash everywhere would conceptually be cleaner.