The latest version of Linus Torvalds’ Git version-control system brings experimental support for the SHA-256 cryptographic hash, moving it away from its reliance on the less safe SHA-1.
Google and other researchers showed in 2017 that the SHAttered SHA-1 collision attack made it cheaper than previously thought to cause a SHA-1 collision, that is, a case where two files (in SHAttered, two PDFs with different content) are represented by the same SHA-1 hash value.
The researchers highlighted that Git “strongly relies on SHA-1” for checking the integrity of file objects and commits. They argued SHA-1 was a tampering risk because it was possible to create “two Git repositories with the same head commit hash and different contents, say, a benign source code and a backdoored one”.
Torvalds at the time said the SHA-1 collision attack did not mean the “sky is falling for Git”.
“Git doesn’t actually just hash the data, it does prepend a type/length field to it”, wrote Torvalds. This made Git harder to attack than a PDF.
However, since then researchers from France and Singapore discovered the SHA-1 ‘chosen-prefix collision attack’, a cheaper version of the SHA-1 collision attack conducted by Google two years earlier.
GitHub, which uses Git, also put detection mitigations in place at the time. Ever since SHAttered arrived, however, the Git project has been hardening its SHA-1 implementation and gradually enabling support for the safer SHA-256.
With experimental SHA-256 in Git 2.29, developers can now write a repository’s objects using a SHA-256 hash of its contents rather than SHA-1.
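The type/length header Torvalds describes, and the effect of switching the object format, can be reproduced outside Git. This is an added example, not code from the article or the Git project; the function names and the sample content are constructed for illustration.

```python
import hashlib

# SHA-1 is Git's original object format; SHA-256 is experimental in Git 2.29.
OBJECT_FORMATS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


def git_object_id(data: bytes, obj_type: str = "blob",
                  object_format: str = "sha1") -> str:
    """Hash data the way Git does: '<type> <length>\\0' header, then the bytes."""
    if object_format not in OBJECT_FORMATS:
        raise ValueError(f"unknown object format: {object_format!r}")
    header = f"{obj_type} {len(data)}".encode("ascii") + b"\0"
    return OBJECT_FORMATS[object_format](header + data).hexdigest()


def raw_digest(data: bytes, object_format: str = "sha1") -> str:
    """Plain digest of the bytes with no Git header, for comparison."""
    return OBJECT_FORMATS[object_format](data).hexdigest()


def object_format_of(object_id: str) -> str:
    """Infer the object format from a full (unabbreviated) hex object ID."""
    oid = object_id.strip().lower()
    if not oid or any(c not in "0123456789abcdef" for c in oid):
        raise ValueError("object ID must be hexadecimal")
    by_length = {40: "sha1", 64: "sha256"}
    if len(oid) not in by_length:
        raise ValueError(f"not a full object ID ({len(oid)} hex digits)")
    return by_length[len(oid)]


if __name__ == "__main__":
    sample = b"hello world\n"  # constructed sample file content
    for fmt in OBJECT_FORMATS:
        oid = git_object_id(sample, object_format=fmt)
        # The object ID differs from the raw digest because of the header.
        print(f"{fmt:7} object id : {oid}")
        print(f"{fmt:7} raw digest: {raw_digest(sample, fmt)}")
        assert object_format_of(oid) == fmt
```

Running `git hash-object <file>` inside a repository prints the same ID for that repository's object format.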
“Git (and providers that use it, like GitHub) checks each object it hashes to see if there is evidence that that object is part of a colliding pair,” explained GitHub’s Taylor Blau.
“This prevents GitHub from accepting both the benign and malicious halves of the pair, since the mathematical tricks required to generate a collision in any reasonable amount of time can be detected and rejected by Git.”
He points out that any weakness in a cryptographic hash is nevertheless a bad sign.
“Even though Git has implemented detections that prevent the known attacks from being carried out, there’s no guarantee that new attacks won’t be found and used in the future. So the Git project has been preparing a transition plan to begin using a new object format with no known attacks: SHA-256.”
With Git 2.29, Git can operate in full SHA-1 or full SHA-256 mode, but this means there is currently no interoperability between repositories using the different object formats, SHA-1 or SHA-256.
Interoperability will be enabled in future by way of a translation table, allowing SHA-256 repositories to interact with SHA-1 clients. Neither GitHub nor its rivals currently support hosting SHA-256-enabled repositories.