>>>>> "Trevor" == Trevor Phillips <[EMAIL PROTECTED]> writes:
Trevor> Another alternative is to get the MD5 base64 key to the
Trevor> URI. My query is, what is the chance of two URI's giving
Trevor> the same MD5? Is there any risk in it, or is MD5 guranteed
Trevor> to give unique ID's? (I know the risk would be SLIM, but
Trevor> how slim?) Is MD5 used regularly for this kind of thing?
What you're asking about is the likelihood of a 'birthday attack' on a
given hash. Quoting Bruce Schneier's 'Applied Cryptography', 2nd
ed. p166:
Finding two [m-bit] message that hash to the same value would only
require 2**(m/2) messages.... This means that if you're worried
about a birthday attack, you should use a hash value twice as long
as you otherwise might think you need. For example, if you want to
drop the odds of someone breaking into your system to less than 1 in
2**80, use a 160-bit one-way hash function.
So, with MD5 you have a 1 in 2**64 chance of getting a collision
between two URLs. Adding the lenght of the URL doesn't make any
practical difference as that's already done as part of the hashing
algorithm.
BTW, if you plan dealing with any cryptographic-related functions,
Schneier's book is a must: ISBN 0-471-12845-7
--
Stephen
"If I claimed I was emporer just cause some moistened bint lobbed a
scimitar at me they'd put me away"
