Jeff King <p...@peff.net> writes:

> Yeah, I think we can assume it will be possible with SHAttered levels of
> effort. An attacker can use it to create a persistent corruption by
> having somebody fetch from them twice. So not really that interesting an
> attack, but it is something. I still think that ditching SHA-1 for the
> naming is probably a better fix than worrying about SHA-1 collisions.

Yes, I agree with that part.  

Our trailer checksum happens to be SHA-1 mostly because the code was
available, not because it needs to be a crypto-strong hash.  It can
safely be changed to something other than SHA-1 that is much faster,
if that is desired, when it is used only for bit-flip detection of
local files like the index file.

I also agree that changing the naming scheme (e.g. use the "hash" as
a hash to choose hash-bucket but accept the fact that hashes can
collide) is a better solution, if this "packname can collide" were
to become a real problem.

Thanks.
