BUG? sha-moduel returns same crc for different files

[Kragen Sitaker]

In article <LNBBLJKPBEHFEDALKOLCCELAHGAA.tim_one at email.msn.com>,
Tim Peters <tim_one at email.msn.com> wrote:
>> since there are 4294967296 times more possible values for sha-1
>> than for md5, methinks this would not make much difference.
>
>Then it depends on how valuable a small difference is to your application.
>If you're betting someone's life on it, it's a good idea to combine a
>variety of methods with different underpinnings (to guard against
>currently-unknown systematic weakness in any one of them).  If you're just
>trying to save a few of bytes of disk storage, a plain CRC32 is much cheaper
>and probably adequate.

I'd have no problem betting *my* life on never getting accidental false
collisions with MD5, at least given a dollar or two on the other side;
I wouldn't want to bet my life on never getting accidental false
collisions with CRC32.

SHA-1 looks safer from deliberate collisions than MD5.
-- 
<kragen at pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
Perilous to all of us are the devices of an art deeper than we ourselves
possess.
                -- Gandalf the Grey [J.R.R. Tolkien, "Lord of the Rings"]