The collision probability is quite low. MD5 is considered to b broken from a cryptographical point of view - an attacker can craft a file that has the exact same hash of another one. I would doubt that you are going to encounter a collision in practice on "normal" usage.
So no, I would not consider the usage of MD5 to break CouchDB. On 23.09.2010, at 09:44, Paul Hirst wrote: > Hi, > > There was a previous thread about exposing the MD5 of attachments and > this got me thinking. > > Since MD5 is 'broken' (ie two different files can be generated with the > same MD5 hash) I have a few of questions. > > * Does this actually break couchdb? Ie would it be impossible to > upload two different attachments with the same MD5? > * To the same document? > * To different documents? > * Are there any other implications? Would replication get > confused? > * Has anyone considered switching to a stronger checksum? > > This isn't just a theoretical problem to me. I would genuinely like to > store two files in couchdb which have the same MD5. > > > > > Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United > Kingdom. > Company Reg No 2096520. VAT Reg No GB 348 3873 20.
