On 20.01.23 22:48, Karl Fogel wrote:
On 20 Jan 2023, Nathan Hartman wrote:
We already can't store files with identical SHA1 hashes, but AFAIK the
only meaningful impact we've ever heard is that security researchers
cannot track files they generate with deliberate collisions. The same
would be true with any hash type, for collisions within that hash
type.
Yes. A hash is considered "broken" the moment security researches can
generate a collision.
No matter what hash function you choose now, sooner or later it will be
broken.
But a broken hash function can still be good enough for use in tools
like subversion if it is used correctly. Instead of just storing the
hash value subversion should also store a sequence number. Whenever a
collision happens subversion has to compare the two (or more) files
which have the same hash value. If the files are identical the old
hash+number pair is stored. If they differ the new file gets a new
sequence number and that hash+number pair is stored. Since collisions
almost never happen even if md5 is used the performance penalty will be
almost zero.
The same thing has been discussed earlier and changing the hash function
will just solve the problem for a few years...
Best regards,
Martin