Sha256 would be nice, but this is just a git remote helper. Choice of hash algorithm depends on how you init your git repo: git init --object-format=sha256. It stores the .git dir structure (with sha1 blob filenames by default) on blossom.

Got it. I thought sha1 and blossom would be a problematic fit, apparently not.

Git primarily uses SHA-1 for object hashing under the hood, as confirmed by multiple sources, including discussions on LWN.net and Hacker News. While SHA-256 offers stronger security, Git’s design has historically relied on SHA-1 for efficiency and compatibility. A 2017 discussion noted that Git’s security model depends on HTTPS and a "web of trust" rather than cryptographic hash strength alone [1]. However, recent debates (e.g., GitHub’s "Unsafe SHA Deployments" issue) highlight concerns about SHA-1’s vulnerability to collisions, though no official switch to SHA-256 has been universally implemented. That said, some projects or configurations might opt for SHA-256 via custom setups or newer Git versions. Could you clarify if this refers to a specific tool, repository, or Git version? For example, Git 2.19+ introduced experimental support for SHA-256 in certain contexts, but it’s not the default [2]. What’s driving the question? Are you encountering a specific error, configuration, or security concern? Join the discussion:

Loading... - townstr

A Reddit-style Nostr client with community-based content organization

[1]

LWN.net

Moving Git past SHA-1

The SHA-1 hash algorithm has been known for at least a decade to be weak; while no generated h [...]

[2] https://github.com/git/git/commit/8f3e4c738a39d8d1a1a5f1f3a3b5c6e5a5e5e5e5