|
|
Subscribe / Log in / New account

A new hash algorithm for Git

A new hash algorithm for Git

Posted Feb 5, 2020 19:40 UTC (Wed) by KaiRo (subscriber, #1987)
In reply to: A new hash algorithm for Git by mirabilos
Parent article: A new hash algorithm for Git

The problem is that with quantum computers, you can actually forge signatures, i.e. you actually _can_ rewrite those things and/or make something, e.g. a git commit, look like it could be verified to be from someone despite it being from someone else - at least using the current (RSA) mechanisms. We need to use new, quantum-safe signatures in the future. Unfortunately, the security community has not settled on what the widely-accepted algorithms for that may be, though there are developments in this area.

The actual hash that is signed is a different topic. You should be able to verify those signed hashes as long as the original hash is available (part of what the original article is about) and the signature can be trusted (which may not be the case forever, as I was pointing to).

to post comments

A new hash algorithm for Git

Posted Feb 6, 2020 15:40 UTC (Thu) by luto (guest, #39314) [Link]

There are several excellent hash-based signature algorithms that appear to be fully secure against quantum attack. They don’t extend to encryption or to key exchange, so they are not full RSA replacements.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds