On Sat, Dec 29, 2007, Matija Grabnar <[EMAIL PROTECTED]> said:

> Paul J Stevens wrote:
>> and you can select
>> the hash(es) you trust not to generate collisions.
> Any hash you choose (as long as it is shorter than the messages) WILL
> generate collisions. It is a mathematical fact. You can not represent
> all possible attachments with a short hash value.
> (If you could, it wouldn't be a hash algorithm, it would be a
> compression algorithm ;-)
>
> I re-iterate: regardless of which digest algorithm is chosen, the code
> MUST be able to
> detect and correctly handle collisions. Collisions WILL occur,
> regardless of the algorithm
> chosen. It is a mathematically provable fact.

The risk of collision is very small, but is real -- everyone has acknowledged that. Then there's the evaluation of the risk, which we also all know to be extremely small, and the cost of mitigation, which involves a little decision making and some engineering time (to do byte-by-byte checking, or to double hash, or both, or some other approach to be thought up). It'll happen, really.

Aaron
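The byte-by-byte check mentioned in this message, sketched as an added example that is not part of the thread and not DBmail's code. `AttachmentStore` and `find_colliding_pair` are hypothetical names, and truncating SHA-256 to one byte is an assumption made only so that a collision can be produced on demand.

```python
import hashlib


class AttachmentStore:
    """Deduplicating blob store that survives digest collisions.

    Blobs are keyed by (digest, index). The index separates distinct
    blobs that share a digest, so a collision never aliases two
    different attachments onto one stored copy.
    """

    def __init__(self, digest_bytes=32):
        # Assumption for the demo: digest_bytes < 32 truncates SHA-256
        # so collisions become easy to construct.
        self.digest_bytes = digest_bytes
        self.buckets = {}      # digest -> list of distinct blobs
        self.collisions = 0    # digest matched but the bytes differed

    def digest(self, data):
        return hashlib.sha256(data).digest()[: self.digest_bytes]

    def put(self, data):
        """Store data and return its key; identical bytes share a key."""
        d = self.digest(data)
        bucket = self.buckets.setdefault(d, [])
        for index, existing in enumerate(bucket):
            if existing == data:          # byte-by-byte confirmation
                return (d.hex(), index)   # true duplicate: reuse it
        if bucket:
            self.collisions += 1          # same digest, different content
        bucket.append(bytes(data))
        return (d.hex(), len(bucket) - 1)

    def get(self, key):
        digest_hex, index = key
        return self.buckets[bytes.fromhex(digest_hex)][index]


def find_colliding_pair(store):
    """Return two different constructed messages with the same digest."""
    seen = {}
    n = 0
    while True:
        msg = b"attachment-%d" % n        # constructed sample input
        d = store.digest(msg)
        if d in seen:
            return seen[d], msg
        seen[d] = msg
        n += 1
```

With the default 32-byte digest the collision branch is effectively never taken, but the comparison still costs only one read of the candidate blob on a digest match.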
