On Sat, Apr 16, 2005 at 10:58:15AM -0400, C. Scott Ananian wrote: > Even given the known weaknesses in MD5, it would take much more than a > million documents to find MD5 collisions. I can only conclude that the > hash was being used incorrectly; most likely truncated (my wild-ass guess > would be to 32 bits; a collision is likely with > 50% probability in a > million document store for a hash of less than 40 bits).
I've also seen non thread-safe GUID generation, using MD5m hit collisions: but of course that was due to the fact that the code had thread safety issues, not because anyone actually ever hit a MD5 collision... Of course there are constructed cases of MD5 collision, but those are pretty disinteresting. Give me two files that have useful content and the same hash, and then I'll be impressed. Linus has already weighed in that he doesn't give a crap. All the crypto-babble about collision whitepapers is uninteresting without a repo that has real collisions. git is far too cool as is - prove I should be concerned. -- Ross Vandegrift [EMAIL PROTECTED] "The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell." --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37 - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html