1. 42
    A new hash algorithm for Git security vcs lwn.net
    fkooman avatar via fkooman 1 year ago | cached | 10 comments

  1.  

  2. 6
    kolen avatar kolen 1 year ago | link

    Command line options to convert to new hashes look weird. “Frobnicate blobs”, “climb subtrees”, “use shovels”, “carbon offsets”.

    1. 13
      arp242 avatar arp242 1 year ago | link

      I think it’s intended as a joke/funny example.

      1. 1
        bhrgunatha avatar bhrgunatha 1 year ago | link

        Yes. Other parts that made me chuckle:

        Somewhere out there is certainly some developer who actually memorizes SHA‑1 hashes

        and

        The value of write-only repositories is generally agreed to be relatively low

      2. 10
        soc avatar soc 1 year ago | link

        I think it’s tribute to people creating fake Git manual entries with Markov chains and a 17th century forestry book (and the resulting texts being barely distinguishable from the original man pages).

        (I can’t find the original “fake” generator, but here is a similar page: https://git-man-page-generator.lokaltog.net/)

        1. 4
          steveno avatar steveno 1 year ago | link

          https://en.m.wikipedia.org/wiki/Poe%27s_law

        2. 6
          funny_grass avatar funny_grass 1 year ago | link

          I was interested in how fossil handled the SHA1 transition and found it nicely explained here if anyone is interested: https://fossil-scm.org/home/doc/trunk/www/hashpolicy.wiki

          1. 5
            geek-advised avatar geek-advised 1 year ago | link

            Would it make sense to use concat(sha1, sha256) hash algorithm? This wouldn’t change the prefixes while improving the strength of an algorithm (by including SHA256 in a hash).

            1. 10
              kornel avatar kornel 1 year ago | link

              No, because trees are hashes-of-hashes, so if you change anything at all about them, their hashes will change, and therefore commit hashes will change.

              1. 2
                eloy avatar eloy 1 year ago | link

                I don’t think that a different the prefix is a problem anyway. The problem is backwards compatibility and doing a large overhaul of the entire source code, which contains the hashes as hardcoded arrays.

              2. 2
                msingle avatar msingle 1 year ago | link

                I realize there were existing constraints, but this seems like the sort of thing multihash (which I stumbled across from IPFS) would avoid.