- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我读到 Git 使用 SHA-1 摘要作为修订版的 ID。为什么它不使用更现代的 SHA 版本?
最佳答案
Why does it not use a more modern version of SHA?
bk2204
) .
gitster
-- merge 于
commit 721cc43 ,2017 年 12 月 13 日)
Add structure representing hash algorithm
Since in the future we want to support an additional hash algorithm, add a structure that represents a hash algorithm and all the data that must go along with it.
Add a constant to allow easy enumeration of hash algorithms.
Implement functiontypedefs
to create an abstract API that can be used by any hash algorithm, and wrappers for the existing SHA1 functions that conform to this API.Expose a value for hex size as well as binary size.
While one will always be twice the other, the two values are both used extremely commonly throughout the codebase and providing both leads to improved readability.Don't include an entry in the hash algorithm structure for the null object ID.
As this value is all zeros, any suitably sized all-zero object ID can be used, and there's no need to store a given one on a per-hash basis.The current hash function transition plan envisions a time when we will accept input from the user that might be in SHA-1 or in the NewHash format.
Since we cannot know which the user has provided, add a constant representing the unknown algorithm to allow us to indicate that we must look the correct value up.
Integrate hash algorithm support with repo setup
In future versions of Git, we plan to support an additional hash algorithm.
Integrate the enumeration of hash algorithms with repository setup, and store a pointer to the enumerated data in struct repository.
Of course, we currently only support SHA-1, so hard-code this value inread_repository_format
.
In the future, we'll enumerate this value from the configuration.Add a constant,
the_hash_algo
, which points to thehash_algo
structure pointer in the repository global.
Note that this is the hash which is used to serialize data to disk, not the hash which is used to display items to the user.
The transition plan anticipates that these may be different.
We can add an additional element in the future (say,ui_hash_algo
) to provide for this case.
artagnon
) .
avar
) .
gitster
-- merge 于
commit 34f2297 ,2018 年 8 月 20 日)
doc
hash-function-transition
: pick SHA-256 as NewHashFrom a security perspective, it seems that SHA-256, BLAKE2, SHA3-256, K12, and so on are all believed to have similar security properties.
All are good options from a security point of view.SHA-256 has a number of advantages:
It has been around for a while, is widely used, and is supported by just about every single crypto library (OpenSSL, mbedTLS, CryptoNG, SecureTransport, etc).
When you compare against SHA1DC, most vectorized SHA-256 implementations are indeed faster, even without acceleration.
If we're doing signatures with OpenPGP (or even, I suppose, CMS), we're going to be using SHA-2, so it doesn't make sense to have our security depend on two separate algorithms when either one of them alone could break the security when we could just depend on one.
So SHA-256 it is.
Update the hash-function-transition design doc to say so.After this patch, there are no remaining instances of the string "
NewHash
", except for an unrelated use from 2008 as a variable name int/t9700/test.pl
.
bk2204
) .
szeder
) .
gitster
-- merge 于
commit d829d49 ,2018 年 10 月 30 日)
replace hard-coded constants
Replace several 40-based constants with references to
GIT_MAX_HEXSZ
orthe_hash_algo
, as appropriate.
Convert all uses of theGIT_SHA1_HEXSZ
to usethe_hash_algo
so that they are appropriate for any given hash length.
Instead of using a hard-coded constant for the size of a hex object ID, switch to use the computed pointer fromparse_oid_hex
that points after the parsed object ID.
GIT_SHA1_HEXSZ
进一步删除/替换为 Git 2.22(2019 年第二季度)和
commit d4e568b .
bk2204
) .
gitster
-- merge 于
commit 33e4ae9 ,2019 年 1 月 29 日)
Add a base implementation of SHA-256 support (Feb. 2019)
SHA-1 is weak and we need to transition to a new hash function.
For some time, we have referred to this new function asNewHash
.
Recently, we decided to pick SHA-256 asNewHash
.
The reasons behind the choice of SHA-256 are outlined in this thread and in the commit history for the hash function transition document.Add a basic implementation of SHA-256 based off
libtomcrypt
, which is in the public domain.
Optimize it and restructure it to meet our coding standards.
Pull in the update and final functions from the SHA-1 block implementation, as we know these function correctly with all compilers. This implementation is slower than SHA-1, but more performant implementations will be introduced in future commits.Wire up SHA-256 in the list of hash algorithms, and add a test that the algorithm works correctly.
Note that with this patch, it is still not possible to switch to using SHA-256 in Git.
Additional patches are needed to prepare the code to handle a larger hash algorithm and further test fixes are needed.
hash
: add an SHA-256 implementation using OpenSSLWe already have OpenSSL routines available for SHA-1, so add routines for SHA-256 as well.
On a Core i7-6600U, this SHA-256 implementation compares favorably to the SHA1DC SHA-1 implementation:
SHA-1: 157 MiB/s (64 byte chunks); 337 MiB/s (16 KiB chunks)
SHA-256: 165 MiB/s (64 byte chunks); 408 MiB/s (16 KiB chunks)
sha256
: add an SHA-256 implementation usinglibgcrypt
Generally, one gets better performance out of cryptographic routines written in assembly than C, and this is also true for SHA-256.
In addition, most Linux distributions cannot distribute Git linked against OpenSSL for licensing reasons.Most systems with GnuPG will also have
libgcrypt
, since it is a dependency of GnuPG.
libgcrypt
is also faster than the SHA1DC implementation for messages of a few KiB and larger.For comparison, on a Core i7-6600U, this implementation processes 16 KiB chunks at 355 MiB/s while SHA1DC processes equivalent chunks at 337 MiB/s.
In addition, libgcrypt is licensed under the LGPL 2.1, which is compatible with the GPL. Add an implementation of SHA-256 that uses libgcrypt.
bk2204
) .
gitster
-- merge 于
commit 676278f ,2019 年 10 月 11 日)
Instead of using
GIT_SHA1_HEXSZ
and hard-coded constants, switch to usingthe_hash_algo
.
bk2204
) .
gitster
-- merge 于
commit f52ab33 ,2020 年 2 月 5 日)
t4204
: make hash size independentSigned-off-by: brian m. carlson
Use
$OID_REGEX
instead of a hard-coded regular expression.
grep "^[a-f0-9]\{40\} $(git rev-parse HEAD)$" output
grep "^$OID_REGEX $(git rev-parse HEAD)$" output
OID_REGEX
来自
commit bdee9cd (2018 年 5 月 13 日)来自
brian m. carlson ( bk2204
) .
gitster
-- merge 在
commit 9472b13 中,2018 年 5 月 30 日,Git v2.18.0-rc0)
t/test-lib
: introduceOID_REGEX
Signed-off-by: brian m. carlson
Currently we have a variable,
$_x40,
which contains a regex that matches a full 40-character hex constant.However, with
NewHash
, we'll have object IDs that are longer than 40 characters.In such a case,
$_x40
will be a confusing name.Create a
$OID_REGEX
variable which will always reflect a regex matching the appropriate object ID, regardless of the length of the current hash.
bk2204
) .
gitster
-- merge 于
commit 5af345a ,2020 年 2 月 17 日)
t5703
: make test work with SHA-256Signed-off-by: brian m. carlson
This test used an object ID which was 40 hex characters in length, causing the test not only not to pass, but to hang, when run with SHA-256 as the hash.
Change this value to a fixed dummy object ID using
test_oid_init
andtest_oid
.Furthermore, ensure we extract an object ID of the appropriate length using cut with fields instead of a fixed length.
the_repository
其被调用者的实例,已使用 Git 2.26(2020 年第一季度)进行了清理(在某种程度上)。
matheustavares
) .
gitster
-- merge 于
commit 78e67cd ,2020 年 2 月 14 日)
sha1-file
: allowcheck_object_signature()
to handle any repoSigned-off-by: Matheus Tavares
Some callers of
check_object_signature()
can work on arbitrary repositories, but the repo does not get passed to this function. Instead,the_repository
is always used internally.
To fix possible inconsistencies, allow the function to receive a struct repository and make those callers pass on the repo being handled.
sha1-file
: passgit_hash_algo
tohash_object_file()
Signed-off-by: Matheus Tavares
Allow
hash_object_file()
to work on arbitrary repos by introducing agit_hash_algo
parameter. Change callers which have a struct repository pointer in their scope to pass on thegit_hash_algo
from the said repo.
For all other callers, pass onthe_hash_algo
, which was already being used internally athash_object_file()
.
This functionality will be used in the following patch to makecheck_object_signature()
be able to work on arbitrary repos (which, in turn, will be used to fix an inconsistency atobject.c
:parse_object()).
关于git - 为什么 Git 不使用更现代的 SHA?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28159071/
我有一个库(围绕nlohmann / json封装),可以从JSON反序列化: struct MyStruct { int propertyA; std::string propert
如果 的第 1、3、5、7、9、11、13 或 15 位之一,我希望 var 不等于 FALSE输入已设置。 一个似乎相当普遍的解决方案是: int var = 1 & (input >> 1) |
当我说目标类型时,我的意思是使用接收者变量或参数的类型作为信息来推断我分配给它的部分代码。例如,在 C# 中,您会编写类似这样的内容来传递可为 null 的值或 null (空)如有必要: void
我需要从 native 内存读取/写入一堆结构。我想弄清楚我是否应该为结构对齐而烦恼。这是我编写的用于测试的简单代码。它将压缩结构写入未对齐的指针,然后读回该结构: public static uns
采用以下代码: char chars[4] = {0x5B, 0x5B, 0x5B, 0x5B}; int* b = (int*) &chars[0]; (int*) &chars[0] 值将在循环(
因此,当我发现将整个解决问题的方法颠倒过来时,我正在网上搜索最佳实践,以实现使用多个数据存储的存储库模式。这就是我所拥有的... 我的应用程序是一个BI工具,它从四个数据库中提取数据。由于内部限制,我
我想仅使用现代 OpenGL 技术(即没有即时模式的东西)来设置正交投影。我在网络上看到有关如何处理此问题的相互矛盾的信息。 有些人说调用 glMatrixMode(GL_PROJECTION) 然后
我想知道当前的 cpus 是否避免在其中至少一个为零时将两个数字相乘。谢谢 最佳答案 这取决于 CPU 和(在某些情况下)操作数的类型。 较旧/较简单的 CPU 通常使用如下乘法算法: integer
在精美的 OpenGL 新版本(3.0 和 4.0 以上)中,不推荐使用 gl_Vertex 等内置顶点属性 .实际渲染任何东西的“新方法”是为位置、颜色等指定您自己的顶点属性,然后将这些自定义属性绑
在我的 OpenGL 研究(我认为是 OpenGL 红皮书)中,我遇到了一个关节机器人 ARM 模型的示例,该模型由“上臂”、“下臂”、“手”和五个或更多“手指”。每个部分都应该能够独立移动,但受“关
像 Kaby Lake 这样的现代 CPU 如何处理小分支? (在下面的代码中,它是跳转到标签 LBB1_67)。据我所知,分支不会有害,因为跳转低于 16 字节块大小,即解码窗口的大小。 或者是否有
编辑:此问题假设您启用了发生检查。不是关于 setting Prolog flags . 30 年前有很多关于在安全的情况下自动优化发生检查的论文(大约 90% 的谓词,在典型的代码库中)。提出了不同
现在是 2020 年,在 iOS 终于添加了对 Widget 的支持之后,Widget 再次风靡一时。但是,自 2012 年以来,Android 小部件似乎没有更新。 来自 Android docs
我正在看一些关于算法的讲座,教授用乘法作为如何改进朴素算法的例子...... 它让我意识到乘法并不是那么明显,虽然当我编码时我只是认为它是一个简单的原子操作,乘法需要一个算法来运行,它不像求和数字那样
我们将 PIXI.js 用于内部使用 WebGL 进行渲染的游戏。时不时地,我会偶然发现避免 NPOT 纹理(https://developer.mozilla.org/en-US/docs/Web/
我是一名计算机科学专业的学生,即将毕业。我们现在必须用我们选择的语言编写完整的应用程序。我们选择 Objective-C 因为我们都是 Mac 人。 为了让我们的教授高兴,必须做一些事情:-)一项
我正在编写一个带有 x86 后端的 JIT 编译器,并且正在学习 x86 汇编器和机器代码。大约 20 年前,我使用 ARM 汇编程序,并对这些架构之间的成本模型差异感到惊讶。 具体来说,内存访问和分
如果负载与两个较早的存储重叠(并且负载未完全包含在最旧的存储中),现代 Intel 或 AMD x86 实现能否从两个存储转发以满足负载? 例如,考虑以下序列: mov [rdx + 0], eax
http://www.lighthouse3d.com/opengl/glsl/index.php?ogldir2 报告 OpenGL 上下文中的半向量是“眼睛位置 - 灯光位置”,但接着又说“幸运的
在现代 (GL3.3+) GPU 上使用 GLSL 时,在统一上进行分支的可能成本是多少? 在我的引擎中,我已经达到了拥有大量着色器的程度。我为其中的很多预设了几种不同的质量预设。就目前情况而言,我在
我是一名优秀的程序员,十分优秀!