Future of the Tree-SHA512 once everyone has upgraded GIT. #15578

issue da2ce7 opened this issue on March 11, 2019
  1. da2ce7 commented at 4:24 PM on March 11, 2019: none

    Git is transitioning to use secure 256bit hashes internally and for commit/tag/blob references. Because of the uncertainty with SHA-1, a SHA512 Tree was added to each merge-commit message; and a automatic script was written for maintainers that verifies the tree-hash's integrity.

    The development community of git maintain a document detailing their progress in addressing original design constraint of hard-coding SHA-1, and migrating to SHA-256:

    https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt

    It is not expected that this migration will be completed with great urgency; (unless more serious breakages of SHA-1 are published).

    Furthermore, the usage of the tree-sha512 hash within the Bitcoin Git commit history has the advantage of helping detect any software or other problems within git.

    Longer-term goals: Extract the tree-sha512 algorithms, and create a separate project for it's maintenance and support. Maybe a seperate project for the Bitcoin Github Merge script: https://github.com/bitcoin/bitcoin/blob/master/contrib/devtools/github-merge.py

  2. jonasschnelli added the label Scripts and tools on Mar 11, 2019
  3. sipa commented at 5:55 PM on March 11, 2019: member

    Once git (and other infrastructure we rely on, like github) properly support a better hashing mechanism I expect we'll just drop the tree-SHA512 hack. Or not, maintaining is very low cost, while extracting it into a separate project seems overkill.

  4. MarcoFalke commented at 6:05 PM on March 11, 2019: member

    I think the best workaround for now is to sign your commits (or at least the top commit of each branch you submit). That should prevent an adversary from grinding a conflicting commit id.

    We already do that in github-merge.py, so the sha512 hash is mostly calculated for fun, I believe.

  5. laanwj commented at 11:52 AM on March 12, 2019: member

    Yes, it's a stopgap measure, once it's no longer needed, I'd be happy to drop it.

    Or not, maintaining is very low cost

    It's very fast to compute on merges. Verifying it deeper like the verify-commits script does is fairly expensive, dropping that could save some Travis time.

    extracting it into a separate project seems overkill

    Some other projects already use bitcoin's github-merge.py script. Maintaining it as a separate project indeed seems overkill, and is not something I'd consider, though someone that wishes to do this can of course do so.

  6. MarcoFalke closed this on Apr 26, 2020
  7. MarcoFalke locked this on Feb 15, 2022
Contributors
da2ce7sipaMarcoFalkelaanwj
Labels
Scripts and tools
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-17 09:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me