Do you have a plan to support SHA-2? A lot of platform companies like Microsoft, Google, and Apple will deprecate SHA-1 support this year. Although Redis isn't facing the front end of an application, I think Redis should support SHA-2 and deprecate SHA-1. Thanks.
Comment From: ramonsnir
SHA-1 isn't cryptographically secure, but it does give even distribution. Is there anything in Redis that uses SHA-1 as a security measure and not just a cheap hash function?
Comment From: itamarhaber
@ramonsnir nope - you're totally correct.
Comment From: scovetta
What would happen if SCRIPT LOAD were used to load two different scripts that happened to hash (under SHA-1) to the same value? I'm not terribly familiar with the codebase, but it looks like the second load would be silently ignored (with the same hash value returned to the user). Is the script cache shared between all databases?
Comment From: itamarhaber
> What would happen if SCRIPT LOAD were used to load two different scripts that happened to hash (under SHA-1) to the same value? I'm not terribly familiar with the codebase, but it looks like the second load would be silently ignored (with the same hash value returned to the user).
That would be the case, yes.
> Is the script cache shared between all databases?
Yes.
To sum it up, the probability of this (two valid and different scripts having the same digest) is extremely low. I'll close this issue now, but feel free to reopen or create a new one if needed.
Comment From: TimLovellSmith
> To sum it up, the probability of this (two valid and different scripts having the same digest) is extremely low. I'll close this issue now, but feel free to reopen or create a new one if needed.
Just chiming in to update the discussion on this old issue - while random script collisions are extremely rare, that's not really an adequate reason from the point of view of security, because of malicious collisions, i.e. collision attacks.
Not to say the old analysis is wrong - times just keep changing.
So, I've created a new issue https://github.com/redis/redis/issues/12690
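
The SCRIPT LOAD behaviour confirmed earlier in this thread (a second script with the same digest is silently ignored and the first one stays cached), as an added Python model that is not part of the original thread and is not Redis code. `ScriptCache`, `verify_body` and `find_collision` are hypothetical names, and the digest is truncated to 16 bits only so that two constructed scripts with the same key can be found instantly.

```python
import hashlib

def digest(body: bytes, bits: int = 160) -> str:
    """SHA-1 hex digest, truncated to `bits` (160 = the full digest)."""
    return hashlib.sha1(body).hexdigest()[: bits // 4]

class ScriptCache:
    """Toy model of one digest-keyed script cache shared by all databases."""
    def __init__(self, bits: int = 160, verify_body: bool = False):
        self.bits = bits
        self.verify_body = verify_body  # hypothetical hardening, not a Redis option
        self.scripts = {}

    def load(self, body: bytes) -> str:
        key = digest(body, self.bits)
        cached = self.scripts.get(key)
        if cached is None:
            self.scripts[key] = body
        elif cached != body and self.verify_body:
            raise ValueError(f"digest {key} already maps to a different script")
        # Without verify_body, a colliding load is silently ignored.
        return key

    def evalsha(self, key: str) -> bytes:
        """Return the body that would run for this digest."""
        return self.scripts[key]

def find_collision(bits: int):
    """Birthday search over constructed scripts; only works on a truncated digest."""
    seen, i = {}, 0
    while True:
        body = b"return %d" % i
        key = digest(body, bits)
        if key in seen:
            return seen[key], body
        seen[key] = body
        i += 1

if __name__ == "__main__":
    first, second = find_collision(16)
    cache = ScriptCache(bits=16)
    cache.load(first)
    key = cache.load(second)  # same key returned, second body dropped
    print(key, first, second, cache.evalsha(key))
```

With `verify_body=True` the model compares the cached body on a digest hit and rejects the mismatching load instead of dropping it.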