From: Jeff King <peff@peff.net>
To: Nguyen Thai Ngoc Duy <pclouds@gmail.com>
Cc: Bill Zaumen <bill.zaumen@gmail.com>,
Git Mailing List <git@vger.kernel.org>
Subject: Re: Suggestion on hashing
Date: Fri, 2 Dec 2011 13:09:51 -0500 [thread overview]
Message-ID: <20111202180951.GC24093@sigill.intra.peff.net> (raw)
In-Reply-To: <CACsJy8CO1GtpZVo-oA2eKbQadsXYBEKVLfUH0GONR5jovuvH+Q@mail.gmail.com>
On Fri, Dec 02, 2011 at 09:22:31PM +0700, Nguyen Thai Ngoc Duy wrote:
> > So the question is whether
> > using SHA-1 as an ID and SHA-256(?) as a digest is a better long term
> > solution than simply replacing SHA-1.
>
> I would not stick with any algorithm permanently. No one knows when
> SHA-256 might be broken.
Yeah, you could stick a few bits of algorithm parameter in the beginning
of each identifier. It would mean unique hashes get one character or so
longer (and they would all start with "1", or whatever the identifier
is).
SHA-256 doesn't suffer from SHA-1's problems, though they are based on
related constructions, so I think there is some concern that it may
eventually fail in the same way. SHA-3 is a better bet in that sense,
but it will also be very unproven, even once it is actually
standardized.
> > Replacing SHA-1 with something like SHA-256 sounds easier to implement,
>
> SHA-1 charateristics (like 20 byte length) are hard coded everywhere
> in git, it'd be a big audit.
In theory, you could truncate a longer hash to 160-bits. It's not the
bit-strength of SHA-1 that is the problem, but the attacks on the
algorithm itself which reduce the bit-strength to something too low.
I would think a truncated result would retain the same cryptographic
properties, as one of the properties of the un-truncated hash is that
changes in the input data are reflected throughout the hash. Some
hashes, like Skein, explicitly have a big internal state, and then just
let you output as many bytes as is appropriate (i.e., being a drop-in
replacement for SHA-1 is an explicit goal).
But I'm not a cryptographer, so there may be some subtle issues with
doing that to arbitrary hash functions.
-Peff
next prev parent reply other threads:[~2011-12-02 18:09 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1322813319.4340.109.camel@yos>
2011-12-02 14:22 ` Suggestion on hashing Nguyen Thai Ngoc Duy
2011-12-02 18:09 ` Jeff King [this message]
2011-12-03 0:48 ` Bill Zaumen
2011-12-06 1:56 ` Chris West (Faux)
2011-12-06 3:47 ` Bill Zaumen
2011-12-06 4:46 ` Nguyen Thai Ngoc Duy
2011-12-06 6:02 ` Bill Zaumen
2011-12-06 6:23 ` Nguyen Thai Ngoc Duy
2011-12-07 1:44 ` Bill Zaumen
2011-12-02 17:54 ` Jeff King
2011-12-03 1:50 ` Bill Zaumen
2011-12-03 15:08 ` Jeff King
2011-12-03 15:34 ` Philip Oakley
2011-12-03 21:21 ` Bill Zaumen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111202180951.GC24093@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=bill.zaumen@gmail.com \
--cc=git@vger.kernel.org \
--cc=pclouds@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).