The Status of Git and SHA-256
Recently, a new chosen-prefix attack on SHA-1 was announced. Since there’s renewed interest in it, here’s the state of SHA-256 work in Git.
We currently have a transition plan for SHA-256 and when it’s complete, there will be a Git capable of four stages of interoperability:
- Input and output are in SHA-1, but the storage is in SHA-256
- Output is in SHA-1 and storage is in SHA-256, and input can be either
- Both output and storage are in SHA-256, and input can be either
- Everything is SHA-256
Perhaps surprisingly, the last stage of this process is the easiest to implement. And such an implementation has been written and is ready to go, living in my transition-stage-4 branch. This branch is based on several others which fix the test suite so that Git can be used with SHA-256 without failing massive amounts of tests.
At the moment, a SHA-256 repository cannot interoperate with a SHA-1 repository holding the same content, and that's the next step. After that, we'll move on to implementing the other stages, which should be a bit easier.
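To make the four stages above and the interoperability gap concrete, here is an added Python example that is not code from the post or from Git itself. It computes Git object names the way Git does (hashing `"<type> <size>\0<payload>"`) under both algorithms, then models a repository whose storage is always SHA-256 and whose stage decides which names it accepts and which it answers in. The `TransitionRepo` class, its `STAGES` table and the `compat` map are this example's own simplifications, not Git's data structures.

```python
import hashlib

# Git names an object by hashing "<type> <size>\0<payload>". The hash
# algorithm is the only thing that differs between a SHA-1 and a SHA-256
# repository, so identical bytes end up with two unrelated names.
def git_object_name(kind: str, payload: bytes, algo: str = "sha1") -> str:
    header = f"{kind} {len(payload)}\0".encode()
    return hashlib.new(algo, header + payload).hexdigest()


def algo_of(name: str) -> str:
    """Infer the algorithm from the hex length (40 = SHA-1, 64 = SHA-256)."""
    if len(name) == 40:
        return "sha1"
    if len(name) == 64:
        return "sha256"
    raise ValueError(f"not a Git object name: {name!r}")


class TransitionRepo:
    """Toy model (hypothetical, not Git's code) of the four stages.

    Storage is always SHA-256. Each stage decides which algorithms a caller
    may use to name objects and which algorithm the repository answers in.
    """

    # stage -> (accepted input algorithms, output algorithm)
    STAGES = {
        1: ({"sha1"}, "sha1"),
        2: ({"sha1", "sha256"}, "sha1"),
        3: ({"sha1", "sha256"}, "sha256"),
        4: ({"sha256"}, "sha256"),
    }

    def __init__(self, stage: int):
        self.accepts, self.emits = self.STAGES[stage]
        self.objects = {}   # sha256 name -> (kind, payload)
        self.compat = {}    # sha1 name   -> sha256 name

    def store(self, kind: str, payload: bytes) -> str:
        """Store an object; return its name in this stage's output algorithm."""
        n256 = git_object_name(kind, payload, "sha256")
        self.objects[n256] = (kind, payload)
        # Both names are computed at write time: a SHA-1 client will later
        # ask for this object by a name that only SHA-1 can produce.
        self.compat[git_object_name(kind, payload, "sha1")] = n256
        return self.output_name(n256)

    def output_name(self, n256: str) -> str:
        """Translate a storage (SHA-256) name into the stage's output algorithm."""
        if self.emits == "sha256":
            return n256
        kind, payload = self.objects[n256]
        return git_object_name(kind, payload, "sha1")

    def lookup(self, name: str):
        """Resolve a name in any accepted algorithm -> (kind, payload, output name)."""
        algo = algo_of(name)
        if algo not in self.accepts:
            raise ValueError(f"{algo} names are not accepted at this stage")
        n256 = self.compat[name] if algo == "sha1" else name  # KeyError if unknown
        if n256 not in self.objects:
            raise KeyError(name)
        kind, payload = self.objects[n256]
        return kind, payload, self.output_name(n256)


if __name__ == "__main__":
    # Constructed sample: the same blob seen through stage 1 and stage 4.
    for stage in (1, 4):
        repo = TransitionRepo(stage)
        print(stage, repo.store("blob", b"hello\n"))
```

The model only handles blobs, which is why it looks easy. In real Git, tree and commit objects embed the hashes of the objects they reference, so converting an object between algorithms means rewriting its payload and re-hashing it rather than merely relabelling it; that rewriting, done consistently for every object a SHA-1 client can name, is the interoperability work the post describes as the next step.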
So that’s where we stand. My plan is to have the first SHA-256 patches land in Git by March, around Git Merge. If you’ll be there, I’ll be leading a BoF about this work and am happy to answer any questions you have about it, or you can find me on the Git list as normal.