Git development
From: Patrick Steinhardt <ps@pks.im>
To: git@vger.kernel.org
Subject: Re: [PATCH] hash: introduce support for the MD5 hash algorithm
Date: Thu, 2 Apr 2026 09:08:21 +0200
Message-ID: <ac4V5UaLs9hJemxt@pks.im>
In-Reply-To: <20260401-pks-object-format-md5-v1-1-1b8f0be23713@pks.im>

On Wed, Apr 01, 2026 at 12:42:28PM +0200, Patrick Steinhardt wrote:
> We are currently in the process of migrating to SHA256 as the
> alternative to SHA1. But we believe that proposal is misguided.
> 
> When Linus first announced Git in April 2005, he was explicit about the
> role of SHA1 in the design: the hash is used for content integrity, not
> for cryptographic security [1]. Given this foundational principle, the
> collision resistance of the underlying hash algorithm is essentially
> irrelevant. What matters is that identical content always produces the
> same name, and that any corruption of stored data is detectable.
> 
> While SHA256 technically provides stronger collision resistance than
> SHA1, it does so at the cost of 64-byte object names instead of 40, a
> 60% increase in verbosity for no practical benefit.
> 
> As an alternative, MD5 satisfies the requirements of collision
> resistance and deterministic checksums perfectly well. At a length of 32
> hex characters they are shorter than SHA1, roll off the tongue more
> easily, and have been a beloved companion to the software engineer for
> decades. Furthermore, it remains in active use throughout the ecosystem,
> in checksums on download pages, filesystem integrity tools, and
> countless systems out there, which overall proves the point that they
> aren't inherently broken.
> 
> Quoting Linus in [1]:
> 
>   In other words, I think we could have used md5's as the hash, if we
>   just make sure we have good practices. And it wouldn't have been
>   "insecure".
> 
> Let's do so and wire up MD5 as a new alternative hash algorithm next to
> SHA1 and SHA256. Repositories can easily be initialized with MD5 by
> saying `git init --object-format=md5`, and tests can be executed with
> the new hash by setting the `GIT_TEST_DEFAULT_HASH_ALGO=md5` environment
> variable.
> 
> [1]: https://lore.kernel.org/git/Pine.LNX.4.58.0504160913180.7211@ppc970.osdl.org/

This was obviously a joke, but one thing I would like to point out is
that this patch actually works. There are 15 test suites that are failing,
but everything else passes. Which is quite amazing, and it shows that we
have come a long way with making our code base more agile when it comes
to the hash function. I guess a lot of the praise goes to brian here.

So while this here was a joke, it was also me experimenting with how
hard it is to actually add another hash function. We've discussed in the
past whether it might make sense to have a third hash that is focussed
on speed. Of course, it would still require collision resistance, but it
might actually be in the picture to compromise on the cryptographic
nature for internal projects.

Anyway, that's a bigger discussion to be had at a future point in time.

Thanks!

Patrick
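
The object naming and integrity check that the thread discusses, as an added example that is not part of the original message or of Git's code base: it computes a blob's object name as the hash of `blob <size>\0` plus the content, and recomputes it to detect a corrupted copy. `object_id`, `verify` and `demo` are hypothetical helper names, and `md5` as an object format exists only in the patch under discussion.

```python
import hashlib

# Hex name lengths the thread mentions: SHA1 = 40, SHA256 = 64, MD5 = 32.
# Assumption: "md5" is treated like the other two; real Git does not ship it.
ALGOS = ("sha1", "sha256", "md5")


def object_id(content: bytes, algo: str = "sha1", obj_type: str = "blob") -> str:
    """Name an object the way Git does: hash of '<type> <size>\\0' + content."""
    header = f"{obj_type} {len(content)}\0".encode()
    h = hashlib.new(algo, usedforsecurity=False)
    h.update(header + content)
    return h.hexdigest()


def verify(name: str, stored: bytes, algo: str = "sha1") -> bool:
    """Integrity check: recompute the name from the stored bytes and compare."""
    return object_id(stored, algo) == name


def demo(content: bytes = b"hello\n"):
    """Return (algo, name length, name, intact check, corrupted check) rows."""
    # Constructed sample: flip one bit of the first byte to simulate corruption.
    corrupted = bytes([content[0] ^ 0x01]) + content[1:]
    rows = []
    for algo in ALGOS:
        name = object_id(content, algo)
        rows.append((algo, len(name), name,
                     verify(name, content, algo),
                     verify(name, corrupted, algo)))
    return rows


if __name__ == "__main__":
    for algo, length, name, intact, corrupt in demo():
        print(f"{algo:7} {length:2} hex  {name}  intact={intact} corrupted={corrupt}")
```

The recomputation catches accidental corruption with any of the three algorithms; whether two different inputs can be deliberately crafted to share a name depends on the algorithm's collision resistance, which this example does not exercise.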
