On Sat, Apr 16, 2005 at 10:58:15AM -0400, C. Scott Ananian wrote:
> Even given the known weaknesses in MD5, it would take much more than a
> million documents to find MD5 collisions. I can only conclude that the
> hash was being used incorrectly; most likely truncated (my wild-ass guess
> would be to 32 bits; a collision is likely with > 50% probability in a
> million document store for a hash of less than 40 bits).
I've also seen non thread-safe GUID generation, using MD5m hit collisions:
but of course that was due to the fact that the code had thread safety
issues, not because anyone actually ever hit a MD5 collision...
Of course there are constructed cases of MD5 collision, but those are
pretty disinteresting. Give me two files that have useful content and
the same hash, and then I'll be impressed.
Linus has already weighed in that he doesn't give a crap. All the
crypto-babble about collision whitepapers is uninteresting without a
repo that has real collisions. git is far too cool as is - prove I
should be concerned.
"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html