On Tue, Jul 24 2018, Junio C Hamano wrote: > Linus Torvalds <torva...@linux-foundation.org> writes: > >> On Tue, Jul 24, 2018 at 12:01 PM Edward Thomson >> <ethom...@edwardthomson.com> wrote: >>> >>> Switching gears, if I look at this from the perspective of the libgit2 >>> project, I would also prefer SHA-256 or SHA3 over blake2b. To support >>> blake2b, we'd have to include - and support - that code ourselves. But >>> to support SHA-256, we would simply use the system's crypto libraries >>> that we already take a dependecy on (OpenSSL, mbedTLS, CryptoNG, or >>> SecureTransport). >> >> I think this is probably the single strongest argument for sha256. >> "It's just there". > > Yup. I actually was leaning toward saying "all of them are OK in > practice, so the person who is actually spear-heading the work gets > to choose", but if we picked SHA-256 now, that would not be a choice > that Brian has to later justify for choosing against everybody > else's wishes, which makes it the best choice ;-)
Looks like it's settled then. I thought I'd do the grunt work of updating the relevant documentation so we can officially move on from the years-long NewHash discussion. Ævar Arnfjörð Bjarmason (2): doc hash-function-transition: note the lack of a changelog doc hash-function-transition: pick SHA-256 as NewHash .../technical/hash-function-transition.txt | 192 ++++++++++-------- 1 file changed, 102 insertions(+), 90 deletions(-) -- 2.17.0.290.gded63e768a
