Hi list! As far as I have gathered, the SHA-1-sum is used as a identifier for commits, and that is the primary reason for using sha1. However, several places (including the google tech-talk featuring Linus himself) states that the id's are cryptographically secure. As discussed in [1], SHA-1 is not as secure as it once was (and this was in 2005), and I'm wondering - are there any plans for migrating to another hash-algorithm? I.e. SHA-2, whirlpool.. [1] http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html -- mvh Henrik Austad
Attachment:
signature.asc
Description: This is a digitally signed message part.
