> Git is not really using SHA-1 for encryption, just as unique hashes.
By "encryption" do you mean "cryptography"?
If I sign a git tag, I am signing a data structure that consists of SHA-1 hashes of other data structures. Any attack on SHA-1 means that the thing I'm signing can be subverted.
So, yes, git is using SHA-1 for cryptographic purposes.
> I think it is unlikely to get a collision in a non-contrived instance.
Why do you think this? Usually in engineering we prefer to back up statements like this with evidence.
In particular, practical SHA-1 collisions have been demonstrated: https://shattered.io/
And an attacker is going to be trying to contrive a collision, are they not?
And none of this explains why git didn't use SHA-256 back when it was easy to change. Even if SHA-1 isn't broken in practice (which it is), there's no downside to using SHA-256.
By "encryption" do you mean "cryptography"?
If I sign a git tag, I am signing a data structure that consists of SHA-1 hashes of other data structures. Any attack on SHA-1 means that the thing I'm signing can be subverted.
So, yes, git is using SHA-1 for cryptographic purposes.
> I think it is unlikely to get a collision in a non-contrived instance.
Why do you think this? Usually in engineering we prefer to back up statements like this with evidence.
In particular, practical SHA-1 collisions have been demonstrated: https://shattered.io/
And an attacker is going to be trying to contrive a collision, are they not?
And none of this explains why git didn't use SHA-256 back when it was easy to change. Even if SHA-1 isn't broken in practice (which it is), there's no downside to using SHA-256.