
Re: SHA1 collisions became cheaper to create.

From: Nathan Hartman <hartman.nathan_at_gmail.com>
Date: Tue, 21 May 2019 09:32:12 -0400

On Tue, May 21, 2019 at 1:06 AM Paul Hammant <paul_at_hammant.org> wrote:

> The Git folks moved to a hardened SHA1 function as an interim measure
> on the way to SHA-256 -
>
> https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt
>
> I think you're generally right. While I might think that an auditor
> would simply be advised of the root hash for a Merkle tree that for a
> branch at a moment in time, or a tag, Subversion doesn't have a
> Merkle tree under the hood. I coded something niche to retrofit
> Subversion with that, but it's not core and far from perfect as it
> relies on an LRU cache and keeps no history itself. Git's merkle tree
> would be perfect if it didn't blow up when repos get too big, and if
> allowed clone from nodes other than root (branches and tags are in
> respect of root of course). So, ignore me here

Why a Merkle tree? One of Subversion's strengths is its linear revision
history. You could use blockchain and get financial-strength auditability.
Received on 2019-05-21 15:32:32 CEST

This is an archived mail posted to the Subversion Dev mailing list.
