Re: git & Debian packaging sprint report
On July 15, 2019 8:50:48 PM UTC, Russ Allbery <[email protected]> wrote:
>Ansgar Burchardt <[email protected]> writes:
>
>> SHA-1 isn't going to get stronger in the future. The TLS world has
>> already moved on, OpenPGP is still in the slow process to move on,
>> Release/Packages stopped using it[1], there is no reason to continue
>> using it.
>
>Well, the reason to continue using it is that Git uses it and we use Git,
>and it may simplify the workflow.
>
>You're not wrong, of course, but preimage attacks are very hard. MD5 is
>still probably robust against preimage attacks, let alone SHA-1. By all
>means, let's future-proof as much as possible, but I'm not sure worrying
>about SHA-1 preimage resistance is the most important design principle in
>this case. At some point, Git itself will switch away from SHA-1, and we
>can then obviously follow.
...
Except that we have different requirements than git. Git isn't looking for security properties from SHA-1, so it's highly likely it'll meet their accident-avoidance requirements long after it's no longer appropriate for security-related assertions.
I don't think adding more SHA-1 in a security-sensitive context is a good plan.
Scott K