"James A. Donald" <[email protected]> writes:
> Getting back towards topic, the hash function employed by Git is
> showing signs of bitrot, which, given people's desire to introduce
> malware backdoors and legal backdoors into Linux, could well become a
> problem in the very near future.

I believe attacks on Git's use of SHA-1 would require second pre-image
attacks, and I don't think anyone has demonstrated such a thing for
SHA-1 at this point.

None the less, I agree that it would be better if Git eventually used
better hash functions. Attacks only get better with time, and SHA-1 is
certainly creaking.

Emphasis on "eventually", however. This is an "as soon as convenient,
not as soon as possible" sort of situation -- more like within a year
than within a week.

Yet another reason why you always should make the crypto algorithms
you use pluggable in any system -- you *will* have to replace them
some day.

Perry
-- 
Perry E. Metzger		[email protected]

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
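
Added example, not part of the original message and not Git's own code: a sketch of the "pluggable" point above, hashing content the way Git hashes a blob (`blob <len>\0` followed by the data) through a registry of algorithms. The tagged ID form `<algorithm>:<hex>`, the deprecation set and all function names are assumptions made for this illustration.

```python
import hashlib

# Pluggable registry: adding or retiring an algorithm is a one-line change.
# The keys are this example's own labels (assumption), not Git settings.
ALGORITHMS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}
DEFAULT_ALGORITHM = "sha256"
# Still accepted when checking old IDs, refused when minting new ones.
DEPRECATED = {"sha1"}


def git_blob_digest(content: bytes, algorithm: str) -> str:
    """Hash content as a Git blob: header b'blob <len>' + NUL, then the data."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported hash algorithm: {algorithm!r}")
    header = b"blob %d\x00" % len(content)
    return ALGORITHMS[algorithm](header + content).hexdigest()


def make_object_id(content: bytes, algorithm: str = DEFAULT_ALGORITHM) -> str:
    """Return a self-describing ID so the algorithm can change later."""
    if algorithm in DEPRECATED:
        raise ValueError(f"{algorithm} is deprecated for new object IDs")
    return f"{algorithm}:{git_blob_digest(content, algorithm)}"


def verify_object_id(content: bytes, object_id: str,
                     allow_deprecated: bool = True) -> bool:
    """Check content against a tagged ID using the algorithm the ID names."""
    algorithm, sep, expected = object_id.partition(":")
    if not sep:
        raise ValueError("object ID carries no algorithm tag")
    if algorithm in DEPRECATED and not allow_deprecated:
        return False  # policy switch: stop trusting the old hash entirely
    return git_blob_digest(content, algorithm) == expected


if __name__ == "__main__":
    data = b"hello\n"  # constructed sample input
    legacy_id = "sha1:" + git_blob_digest(data, "sha1")
    print("legacy :", legacy_id)
    print("current:", make_object_id(data))
    print("legacy accepted during migration:", verify_object_id(data, legacy_id))
    print("legacy accepted after cutoff    :",
          verify_object_id(data, legacy_id, allow_deprecated=False))
```

Because every stored ID names its algorithm, old and new IDs can coexist during a migration, and the cutoff is a policy flag, not a rewrite of every caller.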
