On Tue, Oct 16, 2018 at 1:31 AM brian m. carlson <sandals@xxxxxxxxxxxxxxxxxxxx> wrote: > > On Mon, Oct 15, 2018 at 04:59:12PM +0200, Duy Nguyen wrote: > > On Mon, Oct 15, 2018 at 4:23 AM brian m. carlson > > <sandals@xxxxxxxxxxxxxxxxxxxx> wrote: > > > > > > SHA-1 is weak and we need to transition to a new hash function. For > > > some time, we have referred to this new function as NewHash. Recently, > > > we decided to pick SHA-256 as NewHash. > > > > > > Add a basic implementation of SHA-256 based off libtomcrypt, which is in > > > the public domain. Optimize it and restructure it to meet our coding > > > standards. Place it in a directory called "sha256" where it and any > > > future implementations can live so as to avoid a proliferation of > > > implementation directories. > > > > > > Wire up SHA-256 in the list of hash algorithms, and add a test that the > > > algorithm works correctly. > > > > > > Note that with this patch, it is still not possible to switch to using > > > SHA-256 in Git. Additional patches are needed to prepare the code to > > > handle a larger hash algorithm and further test fixes are needed. > > > > At some point I assume SHA-256 will become functional and be part of a > > git release without all file formats updated to support multiple > > hashes. Should we somehow discourage the user from using it because it > > will break when all file formats are finally updated? > > In order to activate SHA-256 in the codebase, currently you need a patch > to force it on. Otherwise, the code is simply inert and does nothing > (other than in the test-tool). I've included the patch below so you can > see what it does (or if you want to play around with it). > > Without this patch, Git remains fully SHA-1 and can't access any of the > SHA-256 code. I have some very preliminary patches that do wire up > extensions.objectFormat (branch object-id-part15 [sic]) but I haven't > picked them up in a while. (I need to finish test fixes first.) Ah, I thought that extensions.objectFormat and setup changes already landed (I think I saw that series on this list). Sorry for the noise. -- Duy
