[darcs-devel] [Haskell-cafe] Re: announcing darcs 2.0.0pre3
zooko at zooko.com
Thu Jan 24 19:26:59 EST 2008
> It's mostly historical, but also supported by the assumption that
> thought about it when *he* decided to use sha1 for the same purpose.
With all due respect, "Because Linus did it." is a bad reason. To
think no further than that would be irresponsible, even if Linus had
just now made his decision, and even if Linus were a security
expert. But in any case, there has been a significant new result
making SHA-1 cracking practical *since* Linus made that decision, and
Linus is not (and does not claim to be) a security expert.
Here are the comments from some people whose opinions about security
you should trust -- Bruce Schneier and Jon Callas. Note the
timestamps. Linus chose SHA-1 for git in 2005-04.
More information about the Haskell-Cafe