[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SHA1 collisions became cheaper to create.

From: Paul Hammant <paul_at_hammant.org>
Date: Tue, 21 May 2019 06:02:33 +0100

The Git folks moved to a hardened SHA1 function as an interim measure
on the way to SHA-256 -

I think you're generally right. While I might think that an auditor
would simply be advised of the root hash for a Merkle tree that for a
branch at a moment in time, or a tag, Subversion doesn't have a a
Merkle tree under the hood. I coded something niche to retrofit
Subversion with that, but it's not core and far from perfect as it
relies on an LRU cache and keeps no history itself. Git's merkle tree
would be perfect if it didn't blow up when repos get too big, and if
allowed clone from nodes other than root (branches and tags are in
respect of root of course). So, ignore me here.
Received on 2019-05-21 07:06:42 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.