On Thu, Sep 22, 2016 at 12:56 PM, Matthew Miller
<mat...@fedoraproject.org> wrote:
> On Thu, Sep 22, 2016 at 07:57:48PM +0200, Roberto Ragusa wrote:
>> > Don't use MD5. You will get unintentional file collisions. (SHA-256 is
>> > good. It depends on just how much you are comparing.)
>> MD5 unintentional collisions?
>> It is 128 bit, so you will have a collision after about 2^64 files,
>> according to the birthday theorem.
> It's pretty unlikely in the real world, but...
> ONE="d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f8955ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5bd8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
> TWO="d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f8955ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5bd8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
> echo $ONE | xxd -r -p | md5sum
> echo $TWO | xxd -r -p | md5sum
> echo $ONE | xxd -r -p | sha256sum
> echo $TWO | xxd -r -p | sha256sum

Right, this use case doesn't require a cryptographic function. It's
just over 120,000 files. More likely than a collision is a file copy
has a bit flip, the copies end up with different md5sums, and
therefore I end up storing both good and bad copies.

Chris Murphy
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Reply via email to