On Tue, Apr 12, 2016 at 06:58:10PM -0700, H. Peter Anvin wrote: > On April 12, 2016 6:51:12 PM PDT, Duy Nguyen wrote: > >On Wed, Apr 13, 2016 at 5:38 AM, H. Peter Anvin wrote: > >> OK, I'm going to open this can of worms... > >> > >> At what point do we migrate from SHA-1? > > > >Brian Carlson has been slowly refactoring git code base, abstracting > >SHA-1 away. Once that work is done, I think we can talk about moving > >away from SHA-1. The process is slow because it likely causes > >conflicts with in-flight topics. A quick grep shows we still have > >about 300 SHA-1 references, so it'll be quite some time. > > Well, at least it sounds like work is underway. That is a big deal. Yes, it's a bunch of slow manual refactoring, and I've been busy as we've been doing house- and car-related things recently. I'll try to spend a little more time on it this weekend. The first step is to convert all of the individual places that use unsigned char [20] to use struct object_id, which can then be extended to use different hash algorithms. There are also constants, GIT_SHA1_RAWSZ and GIT_SHA1_HEXSZ, that abstract the 20 and 40 values in the codebase so they can be changed in the future. While this is a project I've been mostly working on, I have no objection to other people sending in a patch or series as they feel like it. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204