On May 28, 2013, at 5:55 PM, Greg Parker wrote: > On May 28, 2013, at 3:39 PM, Michael Hall <mik3h...@gmail.com> wrote: >> On May 28, 2013, at 5:27 PM, Michael Hall wrote: >>> I thought I saw SHA-1 being used as a general purpose hash function >>> somewhere sort of surprising recently but I'm not remembering exactly where. >> >> Ah, sorry to reply to my own but maybe this was it… >> >> https://news.ycombinator.com/item?id=4036878 >> SHA-1is still used in applications such as git as a general purpose hash >> function. >> >> Not this particular article where I saw it but I recently signed up on git >> and think I may of seen it's use then. > > For this sort of use I expect SHA-1 is chosen in part because it computes a > bigger value than a typical hash-table hash. (160 bits for SHA-1 and 256+ for > SHA-2, versus 32 or 64 for a typical hash table.) > > git in particular wants an ID that is as globally unique as possible so 64 > bits is not enough, is computing a small number of hashes so the extra > per-hash setup time for a cryptographic hash is less important, and is > probably I/O bound anyway so the extra CPU time of a cryptographic hash is > less important.
This is sort of off-topic but I think this is a little tougher to be sure on isn't it? 2*64 if a pretty big number. DES is sort of got on the outs because they were coming up with attacks that could go after it non-stop brute force in about 2*56 tries. The birthday paradox may apply here too where collisions are much more likely at something a lot less than 2*64. I don't know. SHA-1 for purposes like like Jens suggested, to avoid forgeability, is also I thought sort of on the outs due to progress in attackers figuring out how to cause collisions. But it has been around a long time and I suppose converting to SHA-2 or something else for something like git would be a pretty large effort. If attackers aren't the concern I think it might still make a slow and large but tried and true as far as it goes general purpose hash, with usually good attributes for collision resistance and uniform distribution. Michael Hall trz nio.2 for OS X http://www195.pair.com/mik3hall/index.html#trz HalfPipe Java 6/7 shell app http://www195.pair.com/mik3hall/index.html#halfpipe AppConverter convert Apple jvm to openjdk apps http://www195.pair.com/mik3hall/index.html#appconverter _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
