Henrik Austad wrote:
Hi list!
As far as I have gathered, the SHA-1-sum is used as a identifier for commits,
and that is the primary reason for using sha1. However, several places
(including the google tech-talk featuring Linus himself) states that the id's
are cryptographically secure.
As discussed in [1], SHA-1 is not as secure as it once was (and this was in
2005), and I'm wondering - are there any plans for migrating to another
hash-algorithm? I.e. SHA-2, whirlpool..
[1] http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
Why not wait until the results of:
http://www.csrc.nist.gov/groups/ST/hash/index.html
are available. That will surely be soon enough (I think 2012 is the
expected finish date), and should prevent having to switch again in the
future.
The necessity or otherwise of improving the hashing will be clearer by
then too.
Tom
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
