Announcement

Collapse
No announcement yet.

Git 2.29 Released With Experimental Support For Using More Secure SHA-256

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by jntesteves View Post

    OK, but why? Becauze 3 bigger then 2?
    They share little besides the name. Certain classes of attacks are not possible with sha3.

    https://crypto.stackexchange.com/que...-3-and-sha-256

    Comment


    • #12
      Originally posted by oleid View Post

      They share little besides the name. Certain classes of attacks are not possible with sha3.

      https://crypto.stackexchange.com/que...-3-and-sha-256
      Exactly, hence we use HMAC and all is good and well. This use case can potentially be better served by SHA-3, but even that is not a no-brainer, you should consider your priorities carefully. But where you absolutely don't need resistance to length extension attacks, as is the case with git as documented in the link adler187 posted above [1], SHA-2 offers the following advantages over SHA-3, which might be important to some projects:
      • Proven by time. SHA-2 has been used in the wild for a while and never broken. SHA-3 is new and less tried;
      • Widely available. There are SHA-2 libraries in every platform going back many years;
      • Many independent implementations;
      • Better performance.
      This bullet list clicks a lot with git, so the choice is kinda obvious to me.

      [1] https://github.com/git/git/blob/mast....txt#L603-L634

      Comment


      • #13
        Originally posted by jntesteves View Post
        • Better performance.
        I personally think that's why BLAKE2 would be a better choice than SHA3.


        Comment

        Working...
        X