A new hash algorithm for Git

Posted Feb 3, 2020 22:02 UTC (Mon) by josh (subscriber, #17465)
Parent article: A new hash algorithm for Git

The decision on SHA256 as the successor was made back in 2018. I wonder if the rationale still holds as strongly then as it does now? There are several new candidates that have substantially higher performance than SHA256, and in particular, a couple that have the advantage of supporting parallel hashing for large blocks of data, notably BLAKE3.

(I *don't* want to bikeshed the hash selection here. But I wonder if that hash selection might be worth benchmarking and re-evaluating now that the infrastructure is ready.)

A new hash algorithm for Git

Posted Feb 4, 2020 2:07 UTC (Tue) by KaiRo (subscriber, #1987) [Link]

I ' ve wondered about that as well - SHA256 has good hardware support right now but SHA3/keccak or even the very new blake3 would technically be better, though it will take some time until esp. the latter will be supported in hardware - probably before SHA1 collisions will be a practical problem in git repos though. How flexible is the code in that patch to go right to an even newer hash algorithm?

A new hash algorithm for Git

Posted Feb 4, 2020 9:07 UTC (Tue) by jwilk (subscriber, #63328) [Link]

https://www.imperialviolet.org/2017/05/31/skipsha3.html

A new hash algorithm for Git

Posted Feb 4, 2020 14:40 UTC (Tue) by cesarb (subscriber, #6266) [Link]

BLAKE3 might have another potential advantage for Git: due to its tree structure, it could allow breaking large blobs into small pieces which can be hashed independently, without changing the final hash. This might help with some of the issues Git has with large files in a repository.

A new hash algorithm for Git

Posted Feb 5, 2020 15:17 UTC (Wed) by smoogen (subscriber, #97) [Link]

There are two items:
1. Like a game of scissors-rocks-paper there is no one right choice that 'wins'. You choose shasha versus chachacha and you find out that both are weak against an attack that plugh294 isn't. However plug294 is weak against and attack that shasha is good at and chachacha is sort of ok.. etc etc etc.
2. Because of that and that the attacks get better.. any choice you make at time X will look bad in time X+1. This leads to a lot of projects doing the 'jump to the latest findings' switching crypto or checksums or signing to the latest thing which was written to be stronger than whatever you chose at X time. However also due to 1.. you end up finding that you have to keep hopping.

In the end, you just have to choose something and implement it and know that you will have to choose something else again in 2-3 years and implement that. There is no 'right' choice. There are just an infinite 'wrong' ones which are either more wrong or less wrong.