It seems like SHA1 has been deprecated a long time ago. So why do people still not use SHA256 for new repos?
You must log in or # to comment.
Because the git commit hash is not suppose to be used as a security measure, just a identification measure.
Sha1 is still secure for this use too. Both preimage properties remain unbroken.
What do you mean by “use SHA1 for Git”? Are you referring to commit hashes? They probably don’t have any security implications that would warrant a stronger hash
yes. commit hashes. fixed the title.
It’s the default, and iirc git only uses SHA-1 for id stuff.
