Git Transitioning Away from the Aging SHA-1 Hash
This transition will prove to be a challenge, as SHA-1 has been a part of git since Linus Torvalds originally developed the versioning system, back in 2005. Git uses SHA-1-generated hashes to identify revisions and protect code against corruption. Unfortunately, SHA-1’s foundation has been weakened by a series of vulnerabilities that have been found in the codebase, and is considered broken. In fact, one of the primary reasons for transition away from SHA-1 is that the poor state of the hashing algorithm could be used to compromise git repositories.
In other words, this out-of-data cryptographic hashing function can no longer be considered secure. According to the official Git hash function transition document, the insecurity of SHA-1 has been known for some time. The document states, “Over time some flaws in SHA-1 have been discovered by security researchers. On Feb. 23, 2017 the SHAttered attack demonstrated a practical SHA-1 hash collision.”
Why So Challenging?
One would think it’s just a simple means of migrating git to a newer, more secure hashing algorithm. Unfortunately, that is not the case. Why? Git stores a lot of objects. And every time even the slightest change is made to an object, a new SHA-1 hash is created and the object is then stored under a different name. Because this is a versioning control system, that means every one of those objects are saved.
Now, imagine migrating the sum total of every object stored on git to a new hashing algorithm. A single git repository could have thousands of objects. In 2018 there were over 100 million repositories on git. Couple that with the fact that commits also have SHA-1 hashes and the task of migration becomes monumental.
But with other developers (such as those with Mozilla) already having moved from SHA-1, the time for migration is past due.
The New Hash
Git plans on migrating from SHA-1 to SHA-265. This will happen across all repositories and apparently will be done in stages. According to the migration document, “Git v2.13.0 and later subsequently moved to a hardened SHA-1 implementation by default, which isn’t vulnerable to the SHAttered attack.” Of course, that wasn’t enough to ensure the security of objects stored on Git. Hence the migration to the new algorithm.
Some of the transition goals Git has shared include:
- Requiring no action by any party outside of git.
- SHA-256 repositories can communicate with SHA-1 git servers (for push/fetch).
- Users can choose between either SAH-1 and SHA-256 identifiers.
- New signed objects will use the new, stronger hash function.
- Allow for a complete transition away from SHA-1 (including the removal of local metadata if compatibility with SHA-1 is no longer necessary).
- Object format retains simplicity and consistency.
- Creation of repository conversion tool.
At the moment, there is no timeline or deadline for the transition. This plan was originally proposed back in 2017 by git developer, Brian Carlson. Work on this transition has been going on for a while now, and the code is now in alpha stage.