Moving Git past SHA-1
Moving Git past SHA-1
The SHA-1 hash algorithm has been known for at least a decade to be weak; while no generated hash collisions had been reported, it was assumed that this would happen before too long. On February 23, Google announced that it had succeeded at this task. While the technique used is computationally expensive, this event has clarified what most developers have known for some time: it is time to move away from SHA-1. While the migration has essentially been completed in some areas (SSL certificates, for example), there are still important places where it is heavily used, including at the core of the Git source-code management system. Unsurprisingly, the long-simmering discussion in the Git community on moving away from SHA-1 is now at a full boil.