Re: SHA1 collisions became cheaper to create.

From: Paul Hammant <paul_at_hammant.org>
Date: Tue, 21 May 2019 06:02:33 +0100

The Git folks moved to a hardened SHA1 function as an interim measure
on the way to SHA-256 -
https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt

I think you're generally right. While I might think that an auditor
would simply be advised of the root hash for a Merkle tree that for a
branch at a moment in time, or a tag, Subversion doesn't have a a
Merkle tree under the hood. I coded something niche to retrofit
Subversion with that, but it's not core and far from perfect as it
relies on an LRU cache and keeps no history itself. Git's merkle tree
would be perfect if it didn't blow up when repos get too big, and if
allowed clone from nodes other than root (branches and tags are in
respect of root of course). So, ignore me here.
Received on 2019-05-21 07:06:42 CEST

This message: [ Message body ]
Next message: Nathan Hartman: "Re: SHA1 collisions became cheaper to create."
Previous message: Julian Foad: "Re: AW: JavaHL: Writing unified diff to file hangs for changes to svn:ignore"
In reply to: Daniel Shahaf: "Re: SHA1 collisions became cheaper to create."
Next in thread: Nathan Hartman: "Re: SHA1 collisions became cheaper to create."
Reply: Nathan Hartman: "Re: SHA1 collisions became cheaper to create."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]