-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am Montag, 9. April 2007 13:57 schrieb Carlos E. R.: > The Monday 2007-04-09 at 07:28 -0400, James Knott wrote: > > Bear in mind an md5sum is only 128 bits. It is impossible for there to > > be only one file that results in that sum, given that a file can be any > > size, with any value in each of the bytes. However, it's virtually > > impossible to change a file so that it has the same md5sum and is still > > sensible in the intended application. A small change in the original > > file makes a big change in the md5sum. > > Exactly. > > But it will also be possible to find several files of the same size that > produce the same checksum. I have no idea how many, but there will be a > number that I think could be calculated. Of course not, if I calculated it right there are 20370359763344860862684456884093781610514683936659362506361404493543\ 81299763336706183397376 (a 32 char long string, which contains a-f (6) and 0-9 (10), so 32^60, right?) possible md5sums, so sure it'll be possible to have two files with the same, the point is, that it is almost impossible to make use of it to attack something, since the file with the same md5sum must be valid and contains the destructive code and this will be rather difficult.
Cheers Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFGGkHucHwbW/zlOZoRAs+HAKCU2r2vURni4QfdZ6m/aUzlGFwfmgCgiunb LtMCdg6Gw2elHc1PJmQMFDY= =pTcH -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
