Thus said John Long on Wed, 28 Aug 2013 11:57:01 -0000:

> There are two "value added" things digital signing provides over
> hashing in this specific example when fossil uses SHA1. One, a person
> is taking responsibility for a commit and saying "I did this". Two,
> PGP can use much stronger hashes than SHA1. What problem are we
> trying to solve? If we're worried about detecting inadvertent data
> corruption, then SHA1 is very likely good enough.

As to your question of what problem the SHA1 is used to solve:

  2.1 Identification Of Artifacts

  A particular version of a particular file is called an "artifact".
  Each artifact has a universally unique name which is the SHA1 hash of
  the content of that file expressed as 40 characters of lower-case
  hexadecimal. Such a hash is referred to as the Artifact Identifier or
  Artifact ID for the artifact. The SHA1 algorithm is created with the
  purpose of providing a highly forgery-resistant identifier for a file.
  Given any file it is simple to find the artifact ID for that file. But
  given an artifact ID it is computationally intractable to generate a
  file that will have that Artifact ID.

  ...

  Changing (or adding or removing) a single byte in a file results in a
  completely different artifact ID. And since the artifact ID is the
  name of the artifact, making any change to a file results in a new
  artifact. In this way, artifacts are immutable.

http://www.fossil-scm.org/index.html/doc/trunk/www/concepts.wiki

Andy
-- 
TAI64 timestamp: 40000000521e009b
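
Added example, not part of the original message and not Fossil's own code: a sketch of the naming scheme the quoted documentation describes, where an artifact's name is the SHA1 of its content, so a one-byte change produces a new name and stored bytes can be rechecked against their name to detect corruption. The `ArtifactStore` class, its methods and the sample file contents are hypothetical and constructed for illustration.

```python
import hashlib

def artifact_id(content: bytes) -> str:
    """SHA1 of the content as 40 lower-case hex characters."""
    return hashlib.sha1(content).hexdigest()

class ArtifactStore:
    """Hypothetical in-memory store keyed by artifact ID (not Fossil's format)."""

    def __init__(self):
        self._blobs = {}

    def put(self, content: bytes) -> str:
        aid = artifact_id(content)
        # Identical content always yields the same name, so this never overwrites.
        self._blobs.setdefault(aid, content)
        return aid

    def get(self, aid: str) -> bytes:
        content = self._blobs[aid]
        if artifact_id(content) != aid:
            raise ValueError(f"artifact {aid} no longer matches its name")
        return content

    def verify_all(self) -> list:
        """Return the IDs whose stored bytes no longer hash to their name."""
        return sorted(a for a, c in self._blobs.items() if artifact_id(c) != a)

def demo():
    store = ArtifactStore()
    v1 = store.put(b"int main(void) { return 0; }\n")  # constructed sample file
    v2 = store.put(b"int main(void) { return 1; }\n")  # same file, one byte changed
    # Simulate a flipped byte in storage under the first artifact's name.
    store._blobs[v1] = b"int main(void) { return 2; }\n"
    return v1, v2, store.verify_all()

if __name__ == "__main__":
    v1, v2, damaged = demo()
    print("v1:", v1)
    print("v2:", v2, "(different name for a one-byte change)")
    print("failed hash check:", damaged)
```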