On 28.12.2022 13:34, Daniel Sahlberg wrote:
Since we need to be backwards compatible with older v1 clients, can
this check ever be removed (before Subversion 2)?
The case you're citing is specific to the repository, you could easily
have a repository format that uses different hashes. The same for the RA
layer, where we have capability negotiation; likewise for the WC. We'll
always need compatibility with older formats, but a new enough client
and server could use, e.g., SHA-256 or -512 all the way from WC to
repository.
So, while I believe f32 is a good opportunity to switch to a new hash,
what is the problem we would like to solve with a new hash?
On the other hand, there can be no "switching to" a new hash, because
you don't know what the server actually supports -- hence, we'll always
have to keep SHA-1 around. :) IMO Karl described one possible attack
vector, and given the context (Wordpress...) it's probably only a matter
of time before it happens.
-- Brane