SHA-1 (WAS Re: How to edit commiter's name?)
Benoit Boissinot
bboissin at gmail.com
Mon Mar 23 12:22:55 CDT 2009
On Mon, Mar 23, 2009 at 4:14 AM, Paul Crowley <paul at lshift.net> wrote:
> Peter Hosey wrote:
>
> Note that SHA-1 is no longer considered strong; if it's able to attract
> enough participants, it won't be long before this project:
>
> http://www.iaik.tugraz.at/content/research/krypto/sha1/
>
> is able to exhibit a pair of distinct documents with the same SHA-1 hash
> (a "collision").
>
> The FAQ states "Mercurial will switch to SHA256 hashing before that
> becomes a realistic concern".
I guess a realistic concern would be a preimage attack, not a collision,
that probably won't happen before sha-3.
regards,
Benoit
More information about the Mercurial
mailing list