On Tue, Apr 29, 2008 at 10:55 AM, Nicolas Pitre <nico@xxxxxxx> wrote:
> On Tue, 29 Apr 2008, Geoffrey Irving wrote:
> >
> > Sorry for the confusion: it would be handwaving if I was saying git was insecure,
> > but I'm not. I'm saying that if or when SHA1 becomes vulnerable to collision
> > attacks, git will be insecure.
>
> Right. And if or when that happens then we'll make Git secure again
> with a different hash. In the meantime there is low return for the
> effort involved.

Yes. I wasn't trying to advocate switching, just making sure people know that the "collisions don't matter" argument is bogus.

One important thing: when SHA1 becomes vulnerable to collision attacks, it will still be secure to trust the repositories and tags that exist *at that moment.* I.e., the transition period from SHA1 to the next hash will also be secure, assuming that preimage attacks don't become possible simultaneously.

So everything is good.

Geoffrey
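The distinction drawn in the message above between collision and preimage resistance, as an added example that is not part of the original thread: git's blob id computation with the id truncated to 16 bits so both searches finish in seconds. The truncation, the function names and the sample contents are assumptions made for the demonstration.

```python
import hashlib
from itertools import count

def git_blob_sha1(content: bytes) -> bytes:
    """Full SHA-1 object id git assigns to a blob: sha1("blob <len>\\0" + content)."""
    return hashlib.sha1(b"blob %d\x00" % len(content) + content).digest()

def toy_id(content: bytes, bits: int = 16) -> int:
    """Assumption for the demo: keep only the top `bits` bits of the object id."""
    return int.from_bytes(git_blob_sha1(content), "big") >> (160 - bits)

def find_collision(bits: int = 16):
    """Collision: the searcher chooses BOTH blobs. Birthday bound, ~2^(bits/2) tries."""
    seen = {}
    for tries in count(1):
        content = b"constructed draft %d\n" % tries
        oid = toy_id(content, bits)
        if oid in seen:
            return seen[oid], content, tries
        seen[oid] = content

def find_second_preimage(existing: bytes, bits: int = 16):
    """Second preimage: match the id of a blob that is ALREADY fixed. ~2^bits tries."""
    target = toy_id(existing, bits)
    for tries in count(1):
        content = b"constructed substitute %d\n" % tries
        if content != existing and toy_id(content, bits) == target:
            return content, tries

if __name__ == "__main__":
    a, b, n = find_collision()
    print(f"collision after {n} tries: {a!r} / {b!r}")
    existing = b"blob committed before the break\n"  # constructed sample
    forged, m = find_second_preimage(existing)
    print(f"second preimage after {m} tries: {forged!r}")
```

Objects already in a repository are fixed targets, so replacing one needs the second search; a collision break only helps someone who authors both colliding objects from then on.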