On Tue, Oct 28, 2014 at 2:42 PM, Baruch Burstein <bmburst...@gmail.com> wrote:
> If it is sha1, are there plans to switch to sha256? > > > I am not an authority on fossil roadmap, but I would guess that there is > no such plan. Why switch? the hashes are not used for security, but as a > type of checksum. The chance of two sha1 hashes colliding accidentally is > astronomical. > i remember the topic coming up once several years ago (seems like 4+), and the chance of a problematic in the context of a single repo (which is the only place a UUID conflict matters) were proven (by those with the Powers of Math, not me) to be so unfathomably small that it was eventually dropped. An sha1 conflict between separate files in different repos is, in effect, no problem at all, which narrows down the window for "real" hash collisions considerably compared to if UUIDs had to be unique worldwide. i don't remember any numbers from that thread, but do remember one quote. When (whoever it was, probably Richard) explained that The Math shows that a collision is not likely to happen until some tens of thousands of years in the future, someone asked, "but what then?" -- ----- stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal "Freedom is sloppy. But since tyranny's the only guaranteed byproduct of those who insist on a perfect world, freedom will have to do." -- Bigby Wolf
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
