a program to delete duplicate files
Jeff Shannon
jeffshannon at gmail.com
Mon Mar 14 20:09:56 EST 2005
Patrick Useldinger wrote:
> David Eppstein wrote:
>
>> When I've been talking about hashes, I've been assuming very strong
>> cryptographic hashes, good enough that you can trust equal results to
>> really be equal without having to verify by a comparison.
>
> I am not an expert in this field. All I know is that MD5 and SHA1 can
> create collisions. Are there stronger algorithms that do not? And, more
> importantly, has it been *proved* that they do not?
I'm not an expert either, but I seem to remember reading recently
that, while it's been proven that it's possible for SHA1 to have
collisions, no actual collisions have been found. Even if that's not
completely correct, you're *far* more likely to be killed by a
meteorite than to stumble across a SHA1 collision. Heck, I'd expect
that it's more likely for civilization to be destroyed by a
dinosaur-killer-sized meteor.
With very few exceptions, if you're contorting yourself to avoid SHA1
hash collisions, then you should also be wearing meteor-proof (and
lightning-proof) armor everywhere you go. (Those few exceptions would
be cases where a malicious attacker stands to gain enough from
constructing a single hash collision to make it worthwhile to invest a
*large* number of petaflops of processing power.) Sure it's not "100%
perfect", but... how perfect do you *really* need?
Jeff Shannon
More information about the Python-list
mailing list