Does the current version of git (2.30.0) already use SHA256 to calculate commit hashes by default?
If not, how can SHA-256 be enabled for a new git repository and how can be checked whether a certain git repository uses SHA-256 or SHA-1 for its commit hashes?
Whether to use SHA-1 or SHA-256 is a per-repository setting in recent versions of Git. The plan is eventually to make it possible to store data in a repository in SHA-256 and access the objects with either the SHA-1 name or the SHA-256 name. SHA-1 remains the default.
Do note that the SHA-256 mode is experimental and could theoretically change but there are no plans to do so. The Git developers are making every effort to not break compatibility with existing SHA-256 repositories.
To create a new repository with SHA-256, use the --object-format option to git init. If you want to know which algorithm a local repository uses, run git rev-parse --show-object-format, which will output either sha1 or sha256. To see the hash of a remote repository, you can use git ls-remote and verify the length of the hashes printed.
Do note that no major forges support SHA-256 and therefore such repositories cannot be uploaded to them.