
Problem description

I read that Git uses a SHA-1 digest as the ID for a revision. Why does it not use a more modern version of SHA?

Solution

UPDATE: The above question and this answer are from 2015. Since then Google have announced the first SHA-1 collision: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Obviously I can only speculate from the outside looking in about why Git continues to use SHA-1, but these may be among the reasons:


  1. Git是Linus Torvald的创作,而Linus显然不想用SHA1替代另一种哈希算法。 他做出了合理的说法,即成功的SHA-针对Git的1次基于碰撞的攻击要比实现碰撞本身困难得多,并且考虑到SHA-1比它应该是弱的而不是完全破碎的,至少在今天使它实质上远离可行的攻击。此外,他指出,如果碰撞物体比现有物体晚到达,那么成功攻击就会实现的很少,因为后者会被认为与有效物体相同并被忽略(尽管其他人已经指出反过来可能发生)。

  2. 更改软件非常耗时且容易出错,尤其是当现有基础架构和基于现有协议的数据必须迁移时。即使那些以加密安全性为系统唯一点的软件和硬件产品的制造商仍然处于从SHA-1和其他弱点算法转移的过程中。试想一下,所有那些硬编码的 unsigned char [20] 缓冲区遍布整个地方;-),在开始时编程加密敏捷性要容易得多,而不是稍后对其进行改造。

  3. SHA-1的性能优于各种SHA-2哈希值(可能不是现在成为一个交易断路器,但可能是10年前的一个棘手问题) ),并且SHA-2的存储容量更大。

Some links:

My personal view would be that whilst practical attacks are probably some time off, and even when they do occur people will probably initially mitigate against them with means other than changing the hash algorithm itself, that if you do care about security you should be erring on the side of caution with your choices of algorithms, and continually revising upwards your security strengths, because the capabilities of attackers are also going only in one direction, so it would be unwise to take Git as a role model, especially as its purpose in using SHA-1 is not purporting to be cryptographic security.
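As an added illustration that is not part of the question or answer above, the following Python computes object IDs the way Git frames loose objects ("<type> <size>\0" + content) with the digest algorithm selectable, shows the 20-byte versus 32-byte ID size behind the unsigned char[20] remark, and models the "an object whose id already exists is ignored" store behaviour the answer refers to; the ObjectStore class, function names and sample content are my own constructions.

```python
import hashlib
from typing import Dict, Optional, Tuple


def git_object_id(obj_type: str, data: bytes, algo: str = "sha1") -> str:
    """Return the hex object id Git assigns to a loose object.

    Git hashes the header "<type> <size>\\0" followed by the content; the
    same framing applies whether the digest is SHA-1 or SHA-256.
    """
    header = f"{obj_type} {len(data)}\0".encode()
    return hashlib.new(algo, header + data).hexdigest()


def id_size_bytes(algo: str) -> int:
    """Raw digest length: 20 for SHA-1 (the unsigned char[20] buffers
    mentioned in the answer), 32 for SHA-256."""
    return hashlib.new(algo).digest_size


class ObjectStore:
    """Minimal content-addressed store (constructed for this example).

    An object whose id is already present is not written again, which is
    the behaviour the answer describes: a later object carrying the same
    id is treated as the existing one and its bytes are discarded.
    """

    def __init__(self, algo: str = "sha1") -> None:
        self.algo = algo
        self.objects: Dict[str, Tuple[str, bytes]] = {}

    def put(self, obj_type: str, data: bytes) -> Tuple[str, bool]:
        """Store an object; returns (id, True) if written, (id, False) if ignored."""
        oid = git_object_id(obj_type, data, self.algo)
        if oid in self.objects:
            return oid, False  # existing object kept, new bytes discarded
        self.objects[oid] = (obj_type, data)
        return oid, True

    def get(self, oid: str) -> Optional[bytes]:
        entry = self.objects.get(oid)
        return entry[1] if entry else None


if __name__ == "__main__":
    sample = b"hello\n"  # constructed sample content
    for algo in ("sha1", "sha256"):
        print(algo, id_size_bytes(algo), "bytes:", git_object_id("blob", sample, algo))
    store = ObjectStore()
    print(store.put("blob", sample))  # first write: (id, True)
    print(store.put("blob", sample))  # same id again: (id, False), ignored
```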


