From: Patrick Steinhardt <ps@pks.im>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org,
Johannes Schindelin <Johannes.Schindelin@gmx.de>,
Phillip Wood <phillip.wood123@gmail.com>,
Justin Tobler <jltobler@gmail.com>,
Dragan Simic <dsimic@manjaro.org>,
Karthik Nayak <karthik.188@gmail.com>,
Todd Zullinger <tmz@pobox.com>
Subject: Re: [PATCH v5 2/4] BreakingChanges: document upcoming change from "sha1" to "sha256"
Date: Tue, 4 Jun 2024 09:06:00 +0200 [thread overview]
Message-ID: <Zl682Dk6RcFOC2rA@framework> (raw)
In-Reply-To: <xmqqfrtu56fo.fsf@gitster.g>
[-- Attachment #1: Type: text/plain, Size: 4238 bytes --]
On Mon, Jun 03, 2024 at 09:36:59AM -0700, Junio C Hamano wrote:
> Patrick Steinhardt <ps@pks.im> writes:
>
> > Starting with 8e42eb0e9a (doc: sha256 is no longer experimental,
> > 2023-07-31), the "sha256" object format is no longer considered to be
> > experimental. Furthermore, the SHA-1 hash function is actively
> > recommended against by for example NIST and FIPS 140-2, and attacks
> > against it are becoming more practical both due to new weaknesses
> > (SHAppening, SHAttered, Shambles) and due to the ever-increasing
> > computing power. It is only a matter of time before it can be considered
> > to be broken completely.
> >
> > Let's plan for this event by being active instead of waiting for it to
> > happend and announce that the default object format is going to change
> > from "sha1" to "sha256" with Git 3.0.
> >
> > All major Git implementations (libgit2, JGit, go-git) support the
> > "sha256" object format and are thus prepared for this change. The most
> > important missing piece in the puzzle is support in forges. But while
> > GitLab recently gained experimental support for the "sha256" object
> > format though, to the best of my knowledge GitHub doesn't support it
> > yet. Ideally, announcing this upcoming change will encourage forges to
> > start building that support.
> >
> > Signed-off-by: Patrick Steinhardt <ps@pks.im>
> > ---
> > Documentation/BreakingChanges.txt | 24 ++++++++++++++++++++++++
> > 1 file changed, 24 insertions(+)
> >
> > diff --git a/Documentation/BreakingChanges.txt b/Documentation/BreakingChanges.txt
> > index ddce7cc301..904857a636 100644
> > --- a/Documentation/BreakingChanges.txt
> > +++ b/Documentation/BreakingChanges.txt
> > @@ -61,6 +61,30 @@ be changed to or replaced in case the alternative was implemented already.
> >
> > === Changes
> >
> > +* The default hash function for new repositories will be changed from "sha1"
> > + to "sha256". SHA-1 has been deprecated by NIST in 2011 and is nowadays
> > + recommended against in FIPS 140-2 and similar certifications. Furthermore,
> > + there are practical attacks on SHA-1 that weaken its cryptographic properties:
> > ++
> > + ** The SHAppening (2015). The first demonstration of a practical attack
> > + against SHA-1 with 2^57 operations.
> > + ** SHAttered (2017). Generation of two valid PDF files with 2^63 operations.
> > + ** Birthday-Near-Collision (2019). This attack allows for chosen prefix
> > + attacks with 2^68 operations.
> > + ** Shambles (2020). This attack allows for chosen prefix attacks with 2^63
> > + operations.
> > ++
> > +While we have protections in place against known attacks, it is expected
> > +that more attacks against SHA-1 will be found by future research. Paired
> > +with the ever-growing capability of hardware, it is only a matter of time
> > +before SHA-1 will be considered broken completely. We want to be prepared
> > +and will thus change the default hash algorithm to "sha256" for newly
> > +initialized repositories.
> > ++
> > +Cf. <2f5de416-04ba-c23d-1e0b-83bb655829a7@zombino.com>,
> > +<20170223155046.e7nxivfwqqoprsqj@LykOS.localdomain>,
> > +<CA+EOSBncr=4a4d8n9xS4FNehyebpmX8JiUwCsXD47EQDE+DiUQ@mail.gmail.com>.
>
> A few things we should probably list are:
>
> - Even if you can locally use SHA-256 in your project and
> push/fetch the history around, public forges may not be ready.
>
> - The strategy to migrate existing SHA-1 project to SHA-256 without
> going through a flag day change has been designed but not
> implemented or deployed.
>
> - This is only about the change of the default; we currently have
> no plan to drop support for SHA-1 repositories.
>
> IMHO, we would want each and every item in this document to mention
> the risk factors that may prevent us from going forward even if we
> wanted to, and the first item above is an example.
>
> Thanks.
I agree that explicitly mentioning (1) and (3) is sensible. Is the
second one important though given that this is about the default when
creating _new_ repositories? I don't think interop code is a requirement
to make "sha256" the default, is it?
Patrick
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2024-06-04 7:06 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-07 8:27 [RFC PATCH] docs: document upcoming breaking changes Patrick Steinhardt
2024-05-07 10:38 ` Johannes Schindelin
2024-05-08 13:55 ` Patrick Steinhardt
2024-05-07 22:02 ` Junio C Hamano
2024-05-08 13:54 ` Patrick Steinhardt
2024-05-08 14:58 ` Junio C Hamano
2024-05-08 15:59 ` Dragan Simic
2024-05-10 11:36 ` Patrick Steinhardt
2024-05-10 12:43 ` Dragan Simic
2024-05-08 13:15 ` Phillip Wood
2024-05-08 13:55 ` Patrick Steinhardt
2024-05-10 2:15 ` Justin Tobler
2024-05-10 4:47 ` Junio C Hamano
2024-05-14 6:50 ` Patrick Steinhardt
2024-05-14 6:16 ` [RFC PATCH v2] " Patrick Steinhardt
2024-05-14 10:48 ` Karthik Nayak
2024-05-14 11:22 ` Patrick Steinhardt
2024-05-14 15:45 ` Junio C Hamano
2024-05-14 12:32 ` Dragan Simic
2024-05-24 12:54 ` [PATCH v3] " Patrick Steinhardt
2024-05-24 17:27 ` Junio C Hamano
2024-05-30 12:04 ` Patrick Steinhardt
2024-05-30 3:23 ` Commands using -h as an option don't work consistently Junio C Hamano
2024-06-03 18:33 ` Junio C Hamano
2024-06-03 20:05 ` [PATCH 0/3] Branches are branches and not heads Junio C Hamano
2024-06-03 20:05 ` [PATCH 1/3] refs: call branches branches Junio C Hamano
2024-06-03 21:32 ` Eric Sunshine
2024-06-03 20:05 ` [PATCH 2/3] ls-remote: introduce --branches and deprecate --heads Junio C Hamano
2024-06-03 21:30 ` Rubén Justo
2024-06-03 21:42 ` Eric Sunshine
2024-06-03 21:48 ` Junio C Hamano
2024-06-03 20:05 ` [PATCH 3/3] show-ref: " Junio C Hamano
2024-06-03 21:32 ` [PATCH 0/3] Branches are branches and not heads Rubén Justo
2024-06-04 7:56 ` Patrick Steinhardt
2024-06-04 22:01 ` [PATCH v2 " Junio C Hamano
2024-06-04 22:01 ` [PATCH v2 1/3] refs: call branches branches Junio C Hamano
2024-06-04 22:01 ` [PATCH v2 2/3] ls-remote: introduce --branches and deprecate --heads Junio C Hamano
2024-06-06 9:39 ` Patrick Steinhardt
2024-06-06 15:18 ` Junio C Hamano
2024-06-04 22:01 ` [PATCH v2 3/3] show-ref: " Junio C Hamano
2024-06-14 19:32 ` Elijah Newren
2024-06-14 21:21 ` Junio C Hamano
2024-06-14 21:34 ` Elijah Newren
2024-06-14 21:42 ` Elijah Newren
2024-06-14 22:46 ` Junio C Hamano
2024-06-06 9:39 ` [PATCH v2 0/3] Branches are branches and not heads Patrick Steinhardt
2024-05-31 7:56 ` [PATCH v4 0/4] docs: document upcoming breaking changes Patrick Steinhardt
2024-05-31 7:56 ` [PATCH v4 1/4] docs: introduce document to announce " Patrick Steinhardt
2024-05-31 16:51 ` Junio C Hamano
2024-06-03 9:32 ` Patrick Steinhardt
2024-06-03 16:17 ` Junio C Hamano
2024-06-04 7:42 ` Patrick Steinhardt
2024-05-31 7:56 ` [PATCH v4 2/4] BreakingChanges: document upcoming change from "sha1" to "sha256" Patrick Steinhardt
2024-05-31 17:00 ` Junio C Hamano
2024-05-31 7:56 ` [PATCH v4 3/4] BreakingChanges: document removal of grafting Patrick Steinhardt
2024-05-31 7:56 ` [PATCH v4 4/4] BreakingChanges: document that we do not plan to deprecate git-checkout Patrick Steinhardt
2024-05-31 17:05 ` Junio C Hamano
2024-05-31 23:35 ` Todd Zullinger
2024-05-31 8:43 ` [PATCH v4 0/4] docs: document upcoming breaking changes Junio C Hamano
2024-05-31 11:15 ` Patrick Steinhardt
2024-06-03 9:28 ` [PATCH v5 " Patrick Steinhardt
2024-06-03 9:28 ` [PATCH v5 1/4] docs: introduce document to announce " Patrick Steinhardt
2024-06-03 14:08 ` Phillip Wood
2024-06-03 16:24 ` Junio C Hamano
2024-06-04 6:59 ` Patrick Steinhardt
2024-06-03 9:28 ` [PATCH v5 2/4] BreakingChanges: document upcoming change from "sha1" to "sha256" Patrick Steinhardt
2024-06-03 16:36 ` Junio C Hamano
2024-06-04 7:06 ` Patrick Steinhardt [this message]
2024-06-04 17:16 ` Junio C Hamano
2024-06-03 9:28 ` [PATCH v5 3/4] BreakingChanges: document removal of grafting Patrick Steinhardt
2024-06-03 16:42 ` Junio C Hamano
2024-06-03 9:28 ` [PATCH v5 4/4] BreakingChanges: document that we do not plan to deprecate git-checkout Patrick Steinhardt
2024-06-03 16:52 ` Junio C Hamano
2024-06-04 7:11 ` Patrick Steinhardt
2024-06-04 12:32 ` [PATCH v6 0/4] docs: document upcoming breaking changes Patrick Steinhardt
2024-06-04 12:32 ` [PATCH v6 1/4] docs: introduce document to announce " Patrick Steinhardt
2024-06-04 17:59 ` Junio C Hamano
2024-06-05 5:31 ` Patrick Steinhardt
2024-06-05 16:03 ` Junio C Hamano
2024-06-05 17:52 ` Junio C Hamano
2024-06-06 4:35 ` Patrick Steinhardt
2024-06-04 12:32 ` [PATCH v6 2/4] BreakingChanges: document upcoming change from "sha1" to "sha256" Patrick Steinhardt
2024-06-04 12:32 ` [PATCH v6 3/4] BreakingChanges: document removal of grafting Patrick Steinhardt
2024-06-04 18:00 ` Junio C Hamano
2024-06-04 12:32 ` [PATCH v6 4/4] BreakingChanges: document that we do not plan to deprecate git-checkout Patrick Steinhardt
2024-06-04 14:23 ` [PATCH v6 0/4] docs: document upcoming breaking changes Phillip Wood
2024-06-04 18:01 ` Junio C Hamano
2024-06-05 5:32 ` Patrick Steinhardt
2024-06-14 6:42 ` [PATCH v7 " Patrick Steinhardt
2024-06-14 6:42 ` [PATCH v7 1/4] docs: introduce document to announce " Patrick Steinhardt
2024-06-14 16:08 ` Junio C Hamano
2024-06-14 6:42 ` [PATCH v7 2/4] BreakingChanges: document upcoming change from "sha1" to "sha256" Patrick Steinhardt
2024-06-14 6:42 ` [PATCH v7 3/4] BreakingChanges: document removal of grafting Patrick Steinhardt
2024-06-14 6:42 ` [PATCH v7 4/4] BreakingChanges: document that we do not plan to deprecate git-checkout Patrick Steinhardt
-- strict thread matches above, loose matches on Subject: below --
2024-05-29 22:03 Commands using -h as an option don't work consistently Kevin Day
2024-05-29 22:22 ` Junio C Hamano
2024-05-29 22:40 ` Kevin Day
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zl682Dk6RcFOC2rA@framework \
--to=ps@pks.im \
--cc=Johannes.Schindelin@gmx.de \
--cc=dsimic@manjaro.org \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jltobler@gmail.com \
--cc=karthik.188@gmail.com \
--cc=phillip.wood123@gmail.com \
--cc=tmz@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).