Git and the security of SHA-1

I’ve heard quite a few times about how Git would be broken if someone found an easy way to create SHA-1 collisions.

A few years ago, after some attacks against SHA-1 were published, Linus explained that the security model of Git doesn’t depend on the hashes being cryptographically secure (although he said that it was a bonus and also mentioned a few possible problems).

There was an interesting thread on the Git mailing list about this topic: "Starting to think about sha-256?".

12 thoughts on “Git and the security of SHA-1”

  1. Linus’s argument basically is that patches don’t automatically go into git databases; someone has to put them there. In the context of Linux, someone has to accept a patch, and merge it. So even if someone figured out how to create a patch that duplicated the SHA1-hash of some git object, they’d have to do it in a way that the patch looks credible enough to make someone else apply it, something that won’t work if it looks like line noise.

  2. In the Fahrplan of the Chaos Computer Club's 26C3 in Berlin at the end of this year, I have heard of a presentation about this topic. I think sha256 is the right choice, too.

  3. I argue that sha-256 is better suited to git’s purposes, and to modern machines, than sha-1.

    Upsides to sha-256:
    1 – not just a bit increase, but a stronger algorithm. There is more mixing, doing a more-than-incrementally better job at avoiding collisions.
    2 – the bit increase itself provides more hash space, theoretically reducing collisions.
    3 – properly aligned, a set of 32-byte hashes won’t straddle CPU cachelines.

    Downsides to sha-256:
    1 – git protocol/storage format change implications.
    2 – increase in storage size (20 to 32 bytes per hash).
    3 – fewer hand-optimized algorithm variants have been implemented.
    4 – likely more CPU cycles per hash, though I haven’t measured.

  4. Oh come on guys… in 99% of use cases it ABSOLUTELY doesn’t matter if it’s strong or not and even md5 would do. It doesn’t need to be secure.

    Sha-256 is slower, takes up more space and provides almost zero additional value. Perhaps it could be an option for security maniacs.
