From 6b7a022c50a3334be7ad59081c82198a6147f658712612e18cabc61eaa9ff5f5 Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Mon, 23 Oct 2023 00:00:00 +0000 Subject: New entry: journal-update-25 --- content/entry/journal-update-25.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 content/entry/journal-update-25.md diff --git a/content/entry/journal-update-25.md b/content/entry/journal-update-25.md new file mode 100644 index 0000000..85a4bfe --- /dev/null +++ b/content/entry/journal-update-25.md @@ -0,0 +1,25 @@ +--- +title: "Journal Update 25" +date: 2023-10-22T00:00:00Z +tags: ['journal updates'] +draft: false +--- +## What's New + +* [Received generous financial support](/2023/09/28/will-you-support-my-work/ "Will You Support My Work?"). Thanks everyone who has donated. I was not expecting so much help! +* [Added SimpleX as a contact method.](/about/ "About Page") I now offer SimpleX as a private and secure way to contact me. +* [Made minor journal theme improvements and bug fixes.](https://git.nicholasjohnson.ch/hugo-theme-journal/diff/?id=324f7ead1c9333c8580277316ae9f620dfed3d715e805b5f824d6fe4da15567e&id2=89e7b7b8c4bdb63cb5f6f154fd0d9c18a4beabff57d1f01f1adbf8219b1a3d49 "Journal Theme Improvements") +* [Updated my Git repositories to SHA-256.](https://git.nicholasjohnson.ch "My Git Repositories") This is my main reason for making this journal update. It's a significant change and I wanna spend some time talking about how and why I did it. + +For those who are not in the know, Git used to use SHA-1 for file and commit identity and integrity checking. SHA-1 is a [weak](https://shattered.io/ "SHAttered") cryptographic hash function that shouldn't be used anymore. Git has since switched to using SHA-1dc by default, a hardened version of SHA-1, but there's still a desire to transition away from any SHA-1 variant to the properly secure SHA-256. The transition plan was created in 2017. Six years later, some work has gone towards the transition, but it's incomplete and could remain that way for years to come. + +Git itself and an increasing number of software forges support SHA-256, but there's no compatibility between SHA-1dc and SHA-256 repos yet. This had been bugging me since SHA-1dc likely has lower longevity than SHA-256 and it being broken would render my [signify signatures](https://git.nicholasjohnson.ch/git-signify "git-signify") meaningless, and the full transition could still be years off. So I set out to transition my repos (not forked ones) to SHA-256 myself. For everybody else, I recommend just waiting for the official solution. + +In the end, I succeeded using a small script I hacked together and some manual rebasing. An alternative solution I considered was creating new SHA-256 Git repos based on the latest commit of my old SHA-1 repos. This solution would've been much quicker, easier, and less error-prone than what I did, but it also would've doubled the number of Git repos I have and created a messy situation where the commit history is split across two separate incompatible repos. + +In conclusion, I'm happy with the results and I'll make sure every new Git repository I create uses SHA-256 to avoid this situation in the future. + + +## Future Plans + +As for future plans, I'm still slowly working on getting rid of the [promoted page](/promoted/ "Promoted Page") and adding more [tags](/tags/ "Tags"). -- cgit v1.2.3