"James A. Donald" <jam...@echeque.com> writes:
> Getting back towards topic, the hash function employed by Git is
> showing signs of bitrot, which, given people's desire to introduce
> malware backdoors and legal backdoors into Linux, could well become a
> problem in the very near future.

I believe attacks on Git's use of SHA-1 would require second pre-image
attacks, and I don't think anyone has demonstrated such a thing for
SHA-1 at this point. None the less, I agree that it would be better if
Git eventually used better hash functions. Attacks only get better with
time, and SHA-1 is certainly creaking.

Emphasis on "eventually", however. This is an "as soon as convenient, not
as soon as possible" sort of situation -- more like within a year than
within a week.

Yet another reason why you always should make the crypto algorithms you
use pluggable in any system -- you *will* have to replace them some day.

Perry E. Metzger                pe...@piermont.com
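
[Added example, not part of the original message and not Git's own code.] A sketch of pluggable hashing for a content-addressed store that uses Git's object framing (`<kind> <length>\0` followed by the data). The `algo:hex` identifier prefix, the registry layout and the `write` policy flag are assumptions made for this illustration; Git itself does not tag object IDs this way.

```python
import hashlib
import hmac

# Registry of supported hashes. "write" marks which may name NEW objects;
# a retired algorithm stays readable so old identifiers still verify.
# (Registry layout and flag names are assumptions for this example.)
ALGORITHMS = {
    "sha1":   {"new": hashlib.sha1,   "write": False},  # legacy: verify only
    "sha256": {"new": hashlib.sha256, "write": True},
}
DEFAULT_ALGORITHM = "sha256"


def object_id(kind, data, algorithm=DEFAULT_ALGORITHM):
    """Return 'algo:hex' computed over Git's framing: b'<kind> <len>\\0' + data."""
    entry = ALGORITHMS.get(algorithm)
    if entry is None:
        raise ValueError(f"unknown hash algorithm: {algorithm!r}")
    h = entry["new"]()
    h.update(f"{kind} {len(data)}".encode("ascii") + b"\0")
    h.update(data)
    return f"{algorithm}:{h.hexdigest()}"


def store(objects, kind, data, algorithm=DEFAULT_ALGORITHM):
    """Insert an object, refusing algorithms that are retired for writing."""
    entry = ALGORITHMS.get(algorithm)
    if entry is None or not entry["write"]:
        raise ValueError(f"{algorithm!r} is not permitted for new objects")
    oid = object_id(kind, data, algorithm)
    objects[oid] = (kind, data)
    return oid


def verify(oid, kind, data):
    """Recompute with the algorithm named in the identifier and compare."""
    algorithm, sep, _ = oid.partition(":")
    if not sep or algorithm not in ALGORITHMS:
        return False  # untagged or unknown algorithm: fail closed
    return hmac.compare_digest(oid, object_id(kind, data, algorithm))


if __name__ == "__main__":
    objects = {}
    new_oid = store(objects, "blob", b"hello world\n")
    legacy_oid = object_id("blob", b"hello world\n", "sha1")
    print(new_oid, verify(new_oid, "blob", b"hello world\n"))
    print(legacy_oid, verify(legacy_oid, "blob", b"hello world\n"))
```

Because the algorithm travels with the identifier, retiring a hash is a one-line policy change in the registry rather than a format break.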

