On Tue, Sep 9, 2008 at 4:59 PM, Louis Ryan <[EMAIL PROTECTED]> wrote: > I would think MD5/SHA1 would be perfectly fine. > > Brian are we worried about someone generating enough random variations of > content to force collisions and get someone elses content from the cache? A > brute force attack would require generating so many requests to the server & > cache that it seems unfeasible. This is a closed system so the hashes > themselves are never exposed publicly. Am I missing something? It seems like > we would only care about the functional requirement of a hash that has a > very low probability of collision and a collision detection mechanism.
Yeah, you're right, md5 or sha1 would be fine. I was thinking about this in terms of an attacker who already knew the hash they were looking for, but that doesn't seem likely.
