I generated a 12-character commit SHA prefix collision with the start of Linux's git history. It took about 6 hours on an RTX 3080 GPU:
https://people.kernel.org/kees/colliding-with-the-sha-prefix-of-linuxs-initial-git-commit
@kees Thanks, this is a very useful datapoint. In FreeBSD we currently use 12 characters of the hash in uname and had a similar discussion about whether that's sufficient.
My assertion is that we're very far away from where we need to worry about non-malicious (unintentional) conflicts. It's quite useful to know how easy it is to get an intentional conflict.
https://cgit.freebsd.org/src/commit/?id=a1097094c4c5d810287aca092f4ab5f9f86a426a
@emaste It gets (obviously) exponentially more difficult to collide, so I think Geert's recommendation of 16 chars will be good for a while longer. (Assuming no quantumpocalypse.)
@kees Funny thing, all prefixes on lucky-commit are also made equal (000000) :D
https://github.com/not-an-aardvark/lucky-commit/commits/main/
@KasTasMykolas @kees What about assigning every developer their own ID, and creating shortened commit IDs in the form <devid><N>, with N increasing? ;-)
@kees You gotta love this advice, though: “Make the tools deal with the cases we already have, and you'll find that the shortening is a complete non-issue.”
I'm afraid people will now try to solve it with genAI. Don't ask me why.
@kees I appreciate that you did that, because it demonstrates a problem I recognized in so-called GUIDs: that they are not as truly unique as people seem to assume, and that it invites certain antipatterns that can bite hard.
@kees With a 12-digit hash you only have to go through about 10⁸ guesses before you have a 50% chance of getting the collision, so I think everyone would accept it can be brute forced fairly easily.
However, git being CAM based and there really only being a single master tree, we can detect and prevent this using a pre-merge-commit hook in @torvalds's tree. If it's malice, we can stop there, and if it really is an accidental collision, a rebase of the pull would likely sort it.
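A sketch of the check such a pre-merge-commit hook could run, added here as an illustration and not code from anyone in the thread or from the kernel or git projects. The function names and the sample commit IDs are constructed, and the wiring to git is left as an assumption so the example runs offline.

```python
import sys

PREFIX_LEN = 12  # abbreviation length discussed in the thread

# Constructed sample IDs (not real commits): 40 hex chars each.
EXISTING = ["abcdef012345" + "0" * 28, "0123456789ab" + "c" * 28]
INCOMING = ["abcdef012345" + "f" * 28,   # collides with an existing commit
            "fedcba987654" + "1" * 28,
            "fedcba987654" + "2" * 28]   # collides within the pull itself


def find_prefix_collisions(existing, incoming, prefix_len=PREFIX_LEN):
    """Return sorted (prefix, known_id, new_id) tuples for every incoming
    commit whose abbreviated ID matches a different full ID."""
    seen = {}
    for full in existing:
        seen.setdefault(full[:prefix_len].lower(), full.lower())
    collisions = []
    for full in incoming:
        full = full.lower()
        prefix = full[:prefix_len]
        known = seen.get(prefix)
        if known is None:
            seen[prefix] = full  # remember it, so later incoming IDs are checked too
        elif known != full:
            collisions.append((prefix, known, full))
    return sorted(collisions)


def shortest_unambiguous_len(ids, start=PREFIX_LEN):
    """Smallest abbreviation length >= start at which all distinct IDs differ."""
    distinct = {i.lower() for i in ids}
    for n in range(start, 41):
        if len({i[:n] for i in distinct}) == len(distinct):
            return n
    return 40


if __name__ == "__main__":
    # In a real hook the two lists would come from git (for example
    # `git rev-list HEAD` and `git rev-list HEAD..MERGE_HEAD`); that wiring
    # is an assumption and is left out so the example runs offline.
    hits = find_prefix_collisions(EXISTING, INCOMING)
    for prefix, known, new in hits:
        print(f"collision on {prefix}: {known} vs {new}")
    print("shortest safe length:", shortest_unambiguous_len(EXISTING + INCOMING))
    sys.exit(1 if hits else 0)  # non-zero exit aborts the merge
```

Git does not run the pre-merge-commit hook for fast-forward merges, so a maintainer relying on this check would need to merge with `--no-ff` or run the same check elsewhere.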