How to use SHA-256 instead of SHA-1 as Git hashing algorithm

On 23 February, 2017 the SHAttered attack demonstrated a practical SHA-1 hash collision. While it does not directly affect Git, it's only a matter of time before attacks are found against it.

The NIST has started recommending to STOP using SHA-1 back in 2006!

With v2.42.0 Git has finally marked the SHA-256 hashing algorithm as stable, so here is how to create git repositories using SHA-256.

$ mkdir my_project
$ cd my_project
$ git init --object-format=sha256 .

Please note that SHA-256 repositories are not compatible with SHA-1 repositories so you will likely lose your history.

1 email / week to learn how to (ab)use technology for fun & profit: Programming, Hacking & Entrepreneurship.
I hate spam even more than you do. I'll never share your email, and you can unsubscribe at any time.

Tag: programming

Want to learn Rust, Cryptography and Security? Get my book Black Hat Rust!