[darcs-devel] [Haskell-cafe] Re: announcing darcs 2.0.0pre3

zooko zooko at zooko.com
Fri Jan 25 00:26:59 UTC 2008


> It's mostly historical, but also supported by the assumption that  
> Linus
> thought about it when *he* decided to use sha1 for the same purpose.

With all due respect, "Because Linus did it." is a bad reason.  To  
think no further than that would be irresponsible, even if Linus had  
just now made his decision, and even if Linus were a security  
expert.  But in any case, there has been a significant new result  
making SHA-1 cracking practical *since* Linus made that decision, and  
Linus is not (and does not claim to be) a security expert.

Here are the comments from some people whose opinions about security  
you should trust -- Bruce Schneier and Jon Callas.  Note the  
timestamps.  Linus chose SHA-1 for git in 2005-04.

http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
http://article.gmane.org/gmane.linux.kernel/294596/match=git
http://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html

Regards,

Zooko



More information about the darcs-devel mailing list