Re: About git and the use of SHA-1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Henrik Austad wrote:
Hi list!

As far as I have gathered, the SHA-1-sum is used as a identifier for commits, and that is the primary reason for using sha1. However, several places (including the google tech-talk featuring Linus himself) states that the id's are cryptographically secure.

As discussed in [1], SHA-1 is not as secure as it once was (and this was in 2005), and I'm wondering - are there any plans for migrating to another hash-algorithm? I.e. SHA-2, whirlpool..

[1] http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

Why not wait until the results of:
http://www.csrc.nist.gov/groups/ST/hash/index.html
are available. That will surely be soon enough (I think 2012 is the
expected finish date), and should prevent having to switch again in the
future.

The necessity or otherwise of improving the hashing will be clearer by
then too.

Tom

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux