On July 15, 2019 8:50:48 PM UTC, Russ Allbery <r...@debian.org> wrote:
>Ansgar Burchardt <ans...@debian.org> writes:
>> SHA-1 isn't going to get stronger in the future.  The TLS world has
>> already moved on, OpenPGP is still in the slow process to move on,
>> Release/Packages stopped using it[1], there is no reason to continue
>> using it.
>Well, the reason to continue using it is that Git uses it and we use
>and it may simplify the workflow.
>You're not wrong, of course, but preimage attacks are very hard.  MD5
>still probably robust against preimage attacks, let alone SHA-1.  By
>means, let's future-proof as much as possible, but I'm not sure
>about SHA-1 preimage resistance is the most important design principle
>this case.  At some point, Git itself will switch away from SHA-1, and
>can then obviously follow.
Except that we have different requirements than git.  Git isn't looking for 
security properties from SHA-1, so it's highly likely it'll meet their accident 
avoidance requirements long after it's no longer appropriate for
security-related assertions.

I don't think adding more SHA-1 in a security-sensitive context is a good plan.

Scott K
