Dear Linus Torvalds,

What do you think to do when your git has to change from SHA-1 to SHA-2 because of the weaker collision-resistance of SHA-1 in the next years? (e.g. from a damn developer trying to commit a collisioned-SHA-1 file)

http://csrc.nist.gov/groups/ST/hash/policy.html says

NIST's Policy on Hash Functions
-------------------------------

March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010. After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols.