[$] Moving Git past SHA-1 The
SHA-1 hash
algorithm has been known for at least a decade to be
weak; while no generated hash collisions had been reported, it was assumed
that this would happen before too long. On February 23, Google
announcedthat it had succeeded at this task. While the technique used is
computationally expensive, this event has clarified what most developers
have known for some time: it is time to move away from SHA-1. While the
migration has essentially been completed in some areas (SSL certificates,
for example), there are still important places where it is heavily used,
including at the core of the Git source-code management system.
Unsurprisingly, the long-simmering discussion in the Git community on
moving away from SHA-1 is now at a full boil.