Recently, a new chosen-prefix attack on SHA-1 was announced. Since there’s renewed interest in it, here’s the state of SHA-256 work in Git.

We currently have a transition plan for SHA-256, and when it’s complete there will be a Git capable of four stages of interoperability:

  1. Input and output are in SHA-1, but the storage is in SHA-256

  2. Output is in SHA-1 and storage is in SHA-256, and input can be either

  3. Both output and storage are in SHA-256, and input can be either

  4. Everything is SHA-256
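As an added illustration (not code from Git or from the author's branches), here is a small Python model of what the four stages mean for object names: objects are hashed the way Git does, as `<type> <size>\0<content>`, stored under SHA-256 at every stage, and a translation table decides which names are accepted on input and which are handed back on output. The `STAGES` table and `TransitionRepo` class are my own simplification of the plan above.

```python
import hashlib

# Git names an object by hashing "<type> <size>\0<content>"; the same
# framing is used whether the algorithm is SHA-1 or SHA-256.
def git_oid(content: bytes, algo: str, obj_type: str = "blob") -> str:
    header = f"{obj_type} {len(content)}\0".encode()
    return hashlib.new(algo, header + content).hexdigest()

# An object name's algorithm is recognisable from its hex length.
HEX_LEN = {40: "sha1", 64: "sha256"}

# Model of the four stages (assumption, not Git's own configuration):
# stage -> (algorithms accepted on input, storage algorithm, output algorithm)
STAGES = {
    1: ({"sha1"}, "sha256", "sha1"),
    2: ({"sha1", "sha256"}, "sha256", "sha1"),
    3: ({"sha1", "sha256"}, "sha256", "sha256"),
    4: ({"sha256"}, "sha256", "sha256"),
}


class TransitionRepo:
    """Toy repository (constructed for this example): objects live under the
    storage algorithm; a translation table maps either name to the stored one."""

    def __init__(self, stage: int):
        self.accepts, self.storage, self.output = STAGES[stage]
        self.objects = {}      # storage-algorithm oid -> content
        self.to_storage = {}   # (algorithm, oid) -> storage-algorithm oid

    def write(self, content: bytes) -> str:
        """Store a blob and return its name in the stage's output algorithm."""
        oids = {a: git_oid(content, a) for a in ("sha1", "sha256")}
        self.objects[oids[self.storage]] = content
        for algo, oid in oids.items():
            self.to_storage[(algo, oid)] = oids[self.storage]
        return oids[self.output]

    def read(self, oid: str) -> bytes:
        """Look up a blob by a name in any algorithm this stage accepts."""
        algo = HEX_LEN.get(len(oid))
        if algo not in self.accepts:
            raise ValueError(f"{algo or 'unknown'} names are not accepted at this stage")
        return self.objects[self.to_storage[(algo, oid)]]
```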

Perhaps surprisingly, the last stage of this process is the easiest to implement. And such an implementation has been written and is ready to go, living in my transition-stage-4 branch. This branch is based on several others which fix the testsuite so that Git can be used with SHA-256 without failing large numbers of tests.

At the moment, a SHA-256 repository cannot interoperate with a SHA-1 repository that has the same content, and that’s the next step. After that, we’ll move on to implementing the other stages, which should be a bit easier.

So that’s where we stand. My plan is to have the first SHA-256 patches land in Git by March, around Git Merge. If you’ll be there, I’ll be leading a BoF about this work and am happy to answer any questions you have about it, or you can find me on the Git list as normal.