- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我读到 Git 使用 SHA-1 摘要作为修订版的 ID。为什么它不使用更现代的 SHA 版本?
最佳答案
Why does it not use a more modern version of SHA?
bk2204
) .
gitster
-- merge 于
commit 721cc43 ,2017 年 12 月 13 日)
Add structure representing hash algorithm
Since in the future we want to support an additional hash algorithm, add a structure that represents a hash algorithm and all the data that must go along with it.
Add a constant to allow easy enumeration of hash algorithms.
Implement functiontypedefs
to create an abstract API that can be used by any hash algorithm, and wrappers for the existing SHA1 functions that conform to this API.Expose a value for hex size as well as binary size.
While one will always be twice the other, the two values are both used extremely commonly throughout the codebase and providing both leads to improved readability.Don't include an entry in the hash algorithm structure for the null object ID.
As this value is all zeros, any suitably sized all-zero object ID can be used, and there's no need to store a given one on a per-hash basis.The current hash function transition plan envisions a time when we will accept input from the user that might be in SHA-1 or in the NewHash format.
Since we cannot know which the user has provided, add a constant representing the unknown algorithm to allow us to indicate that we must look the correct value up.
Integrate hash algorithm support with repo setup
In future versions of Git, we plan to support an additional hash algorithm.
Integrate the enumeration of hash algorithms with repository setup, and store a pointer to the enumerated data in struct repository.
Of course, we currently only support SHA-1, so hard-code this value inread_repository_format
.
In the future, we'll enumerate this value from the configuration.Add a constant,
the_hash_algo
, which points to thehash_algo
structure pointer in the repository global.
Note that this is the hash which is used to serialize data to disk, not the hash which is used to display items to the user.
The transition plan anticipates that these may be different.
We can add an additional element in the future (say,ui_hash_algo
) to provide for this case.
artagnon
) .
avar
) .
gitster
-- merge 于
commit 34f2297 ,2018 年 8 月 20 日)
doc
hash-function-transition
: pick SHA-256 as NewHashFrom a security perspective, it seems that SHA-256, BLAKE2, SHA3-256, K12, and so on are all believed to have similar security properties.
All are good options from a security point of view.SHA-256 has a number of advantages:
It has been around for a while, is widely used, and is supported by just about every single crypto library (OpenSSL, mbedTLS, CryptoNG, SecureTransport, etc).
When you compare against SHA1DC, most vectorized SHA-256 implementations are indeed faster, even without acceleration.
If we're doing signatures with OpenPGP (or even, I suppose, CMS), we're going to be using SHA-2, so it doesn't make sense to have our security depend on two separate algorithms when either one of them alone could break the security when we could just depend on one.
So SHA-256 it is.
Update the hash-function-transition design doc to say so.After this patch, there are no remaining instances of the string "
NewHash
", except for an unrelated use from 2008 as a variable name int/t9700/test.pl
.
bk2204
) .
szeder
) .
gitster
-- merge 于
commit d829d49 ,2018 年 10 月 30 日)
replace hard-coded constants
Replace several 40-based constants with references to
GIT_MAX_HEXSZ
orthe_hash_algo
, as appropriate.
Convert all uses of theGIT_SHA1_HEXSZ
to usethe_hash_algo
so that they are appropriate for any given hash length.
Instead of using a hard-coded constant for the size of a hex object ID, switch to use the computed pointer fromparse_oid_hex
that points after the parsed object ID.
GIT_SHA1_HEXSZ
进一步删除/替换为 Git 2.22(2019 年第二季度)和
commit d4e568b .
bk2204
) .
gitster
-- merge 于
commit 33e4ae9 ,2019 年 1 月 29 日)
Add a base implementation of SHA-256 support (Feb. 2019)
SHA-1 is weak and we need to transition to a new hash function.
For some time, we have referred to this new function asNewHash
.
Recently, we decided to pick SHA-256 asNewHash
.
The reasons behind the choice of SHA-256 are outlined in this thread and in the commit history for the hash function transition document.Add a basic implementation of SHA-256 based off
libtomcrypt
, which is in the public domain.
Optimize it and restructure it to meet our coding standards.
Pull in the update and final functions from the SHA-1 block implementation, as we know these function correctly with all compilers. This implementation is slower than SHA-1, but more performant implementations will be introduced in future commits.Wire up SHA-256 in the list of hash algorithms, and add a test that the algorithm works correctly.
Note that with this patch, it is still not possible to switch to using SHA-256 in Git.
Additional patches are needed to prepare the code to handle a larger hash algorithm and further test fixes are needed.
hash
: add an SHA-256 implementation using OpenSSLWe already have OpenSSL routines available for SHA-1, so add routines for SHA-256 as well.
On a Core i7-6600U, this SHA-256 implementation compares favorably to the SHA1DC SHA-1 implementation:
SHA-1: 157 MiB/s (64 byte chunks); 337 MiB/s (16 KiB chunks)
SHA-256: 165 MiB/s (64 byte chunks); 408 MiB/s (16 KiB chunks)
sha256
: add an SHA-256 implementation usinglibgcrypt
Generally, one gets better performance out of cryptographic routines written in assembly than C, and this is also true for SHA-256.
In addition, most Linux distributions cannot distribute Git linked against OpenSSL for licensing reasons.Most systems with GnuPG will also have
libgcrypt
, since it is a dependency of GnuPG.
libgcrypt
is also faster than the SHA1DC implementation for messages of a few KiB and larger.For comparison, on a Core i7-6600U, this implementation processes 16 KiB chunks at 355 MiB/s while SHA1DC processes equivalent chunks at 337 MiB/s.
In addition, libgcrypt is licensed under the LGPL 2.1, which is compatible with the GPL. Add an implementation of SHA-256 that uses libgcrypt.
bk2204
) .
gitster
-- merge 于
commit 676278f ,2019 年 10 月 11 日)
Instead of using
GIT_SHA1_HEXSZ
and hard-coded constants, switch to usingthe_hash_algo
.
bk2204
) .
gitster
-- merge 于
commit f52ab33 ,2020 年 2 月 5 日)
t4204
: make hash size independentSigned-off-by: brian m. carlson
Use
$OID_REGEX
instead of a hard-coded regular expression.
grep "^[a-f0-9]\{40\} $(git rev-parse HEAD)$" output
grep "^$OID_REGEX $(git rev-parse HEAD)$" output
OID_REGEX
来自
commit bdee9cd (2018 年 5 月 13 日)来自
brian m. carlson ( bk2204
) .
gitster
-- merge 在
commit 9472b13 中,2018 年 5 月 30 日,Git v2.18.0-rc0)
t/test-lib
: introduceOID_REGEX
Signed-off-by: brian m. carlson
Currently we have a variable,
$_x40,
which contains a regex that matches a full 40-character hex constant.However, with
NewHash
, we'll have object IDs that are longer than 40 characters.In such a case,
$_x40
will be a confusing name.Create a
$OID_REGEX
variable which will always reflect a regex matching the appropriate object ID, regardless of the length of the current hash.
bk2204
) .
gitster
-- merge 于
commit 5af345a ,2020 年 2 月 17 日)
t5703
: make test work with SHA-256Signed-off-by: brian m. carlson
This test used an object ID which was 40 hex characters in length, causing the test not only not to pass, but to hang, when run with SHA-256 as the hash.
Change this value to a fixed dummy object ID using
test_oid_init
andtest_oid
.Furthermore, ensure we extract an object ID of the appropriate length using cut with fields instead of a fixed length.
the_repository
其被调用者的实例,已使用 Git 2.26(2020 年第一季度)进行了清理(在某种程度上)。
matheustavares
) .
gitster
-- merge 于
commit 78e67cd ,2020 年 2 月 14 日)
sha1-file
: allowcheck_object_signature()
to handle any repoSigned-off-by: Matheus Tavares
Some callers of
check_object_signature()
can work on arbitrary repositories, but the repo does not get passed to this function. Instead,the_repository
is always used internally.
To fix possible inconsistencies, allow the function to receive a struct repository and make those callers pass on the repo being handled.
sha1-file
: passgit_hash_algo
tohash_object_file()
Signed-off-by: Matheus Tavares
Allow
hash_object_file()
to work on arbitrary repos by introducing agit_hash_algo
parameter. Change callers which have a struct repository pointer in their scope to pass on thegit_hash_algo
from the said repo.
For all other callers, pass onthe_hash_algo
, which was already being used internally athash_object_file()
.
This functionality will be used in the following patch to makecheck_object_signature()
be able to work on arbitrary repos (which, in turn, will be used to fix an inconsistency atobject.c
:parse_object()).
关于git - 为什么 Git 不使用更现代的 SHA?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28159071/
我时不时地输入“git”,然后想到别的东西,然后输入例如“git checkout master”。当然,这给我留下了 $ git git checkout master git: 'git' is
我做到了 git 克隆 git://foo.git 光盘富 ...编辑文件.. 现在我想重新开始。我不在乎我已经做出的任何改变,但我不想再次克隆整个巨型 foo.git,只是丢失我所有的更改。我怎
我在我的电脑上开发代码,我的计算节点很少。 为了让我的程序保持同步,我决定使用 git。以前,我以一种单向模式使用它来“下推”从 PC 到计算节点的更改。但是时不时遇到计算节点特有的小bug,现场修复
虽然它似乎什么也没做,但它没有给出任何警告或错误消息。有什么想法吗? 最佳答案 来自 Git 源的注释: /* * Read a directory tree. We currently ignor
我知道如何为这样的 HTTPS 请求提供用户名和密码: git clone https://username:password@remote 但我想知道如何像这样向 Remote 提供用户名和密码:
Git GUI、Git Bash 和 Git CMD 之间有什么区别?我是初学者,为了进行安装,我发现自己通常同时使用 git bash 和 git CMD 最佳答案 Git CMD 就像使用 git
有人能告诉我git中文件索引被删除是什么意思吗?这些文件在我的 VS Code 中标记为红色,但我仍然可以修改文件并将更改推送到将反射(reflect)这些更改的远程存储库。我认为这一切都是在我使用命
我通过 git 子树将 GLFV 库添加到项目中,但出现此警告“看起来您的 git 安装或您的 git-subtree 安装已损坏”。还描述了几个原因,为什么这可能是: 如 git --exec-pa
我有需要外部 git 项目的 repo,但我不想使用子模块,因为我想在 github 上存档所有文件,所以我认为我只是将具有 git repo 的整个目录添加到 git 但它不t 添加里面的 .git
我有需要外部 git 项目的 repo,但我不想使用子模块,因为我想在 github 上存档所有文件,所以我认为我只是将具有 git repo 的整个目录添加到 git 但它不t 添加里面的 .git
我一直在阅读一篇文章,作者在其中指示:在现有存储库中创建一个新存储库,并想知道这是否是他忽略的错误。稍后我会与他核实。 这些是我要检查的条件: 将现有目录制作成仓库的条件,并且已经 checkin 主
我确实在不同的计算机上处理相同的项目,我想知道是否有一种方法可以跟踪该 .git 文件夹,这样我就不必在所有本地文件中重新配置配置文件。 我将所有工作推送到 bitbucket。 最佳答案 不,没
这个问题在这里已经有了答案: How does git store files? (3 个答案) 关闭 9 年前。 我为我的许多项目创建了一个远程存储库,所以它是我的push 的目的地。与 git
应该如何在 git 中查看文件内容的完整历史记录? 一个文件在 git 中的历史很短,存储库通过 git-svn 同步,但在 svn 中的历史很长。 git 中的历史记录到达文件移动的位置。要查看历史
我是confused here ... 如何对修改后的文件进行git commit,以及如何对新文件进行git commit? 还有,你如何在git中单独提交文件? 最佳答案 git 提交过程分为两个
正在搜索 throw SO 来寻找答案。遇到这个似乎没有给出任何答案的旧线程。重新触发此线程,希望有人知道! 有人能告诉我 git subtree 和 git filter-branch 的区别吗?为
我想知道是否有一种方法可以避免在每个 Git 命令的开头键入单词 git。 如果有一种方法可以在打开命令提示符进入 “Git 模式” 后只使用一次 git 命令就好了。 例如: git> 之后,我们键
当您修改工作目录中的文件时,git 会告诉您使用“git add”暂存。 当您向工作目录添加新文件时,git 会告诉您使用“git add”开始跟踪。 我对这两个概念有点困惑,因为我假设跟踪文件的更改
为什么 git://有效 $ git clone git://github.com/schacon/grit.git Cloning into 'grit'... ... Checking conne
我在以下沙箱中练习 git:https://learngitbranching.js.org/?NODEMO 我在两个单独的 session 中运行了两组命令。第一组命令顺序如下: git clone
我是一名优秀的程序员,十分优秀!