Why do the majority of projects still use SHA1 for Git commit hashes?
It seems like SHA1 has been deprecated a long time ago. So why do people still not use SHA256 for new repos?
View original on lemmy.asudox.dev
It seems like SHA1 has been deprecated a long time ago. So why do people still not use SHA256 for new repos?
Because the git commit hash is not suppose to be used as a security measure, just a identification measure.
Sha1 is still secure for this use too. Both preimage properties remain unbroken.
What do you mean by "use SHA1 for Git"? Are you referring to commit hashes? They probably don't have any security implications that would warrant a stronger hash
yes. commit hashes. fixed the title.
It's the default, and iirc git only uses SHA-1 for id stuff.