The latest version of Linus Torvalds' Git version-control system brings experimental support for the SHA-256 cryptographic hash, moving it away from its reliance on the less safe SHA-1.
Google and other researchers in 2017 showed that the SHAttered SHA-1 collision attack[1] made it cheaper than previously thought to cause a SHA-1 collision. That is, when two files, in that case two PDFs with different content, were represented by the same SHA-1 hash value.
The researchers highlighted that Git "strongly relies on SHA-1" for checking the integrity of file objects and commits. They argued SHA-1 was a tampering risk because it was possible to create "two Git repositories with the same head commit hash and different contents, say, a benign source code and a backdoored one".
Torvalds at the time said the SHA-1 collision attack did not mean the "sky is falling for Git".
"Git doesn't actually just hash the data, it does prepend a type/length field to it", wrote Torvalds. This made Git harder to attack than a PDF.
However, since then researchers from France and Singapore discovered the SHA-1 'chosen-prefix collision attack'[2], a cheaper version of the SHA-1 collision attack conducted by Google two years earlier.
GitHub, which uses Git, put detection mitigations in place at the time also[3]. However, ever since SHAttered arrived, the Git project has been hardening its SHA-1 implementation and gradually enabling support for the safer SHA-256[4].
With experimental SHA-256 in Git 2.29, developers can now write a repository's objects using a SHA-256 hash of its contents rather than SHA-1.
"Git (and providers that use it, like GitHub) checks each object it hashes to see if there is evidence that that object is part of a colliding pair," explained GitHub's Taylor