-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Vilain wrote:
[snip]
Basically, crc32 hashes aren't unique while md5 hashes are. SUN
offers md5 checksums of all the files in the Solaris distributions
as a
'fingerprint' to verify if a file is authentic. That way a sysadmin
can verify if the "ls" or "ps" they're using is the original from
SUN.
Hi,
I'm sorry, but MD5 hashes are *not* unique. An MD5 hash is 128 bits
long; therefore, for any input length > 128 bits, there must be at
*least* two possible inputs which produce the same output. For the
given file lengths measured in megabytes, there would be an immense
number of possible inputs that give the same output: the only thing
is, it's relatively difficult to arbitrarily *find* another file with
the same MD5 as a given input. They do exist, however, as a little
math demonstrates:
Number of possible MD5 hashes=2^128=3.4028236692093846e+38
Number of possible 1 kilobit files=2^1024=1.7976931348623159e+308
where ^ means "to the power of"
As you see, if the input is only a kilobit long, there are *immensely*
more possible inputs than possible outputs. Since every possible
input is mapped to some output, obviously multiple inputs must be
mapped to the same output. This is called a "hash collision". As far
as I know, MD5 is not perfectly secure about this (these are just
news items I read recently, I didn't look in detail at the subject);
however, a more secure hash, such as SHA-1, although obviously still
suffering from the *existence* of hash collisions, makes *looking*
for them very difficult (i.e. you just have to try every possible
input until you get a collision).
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBZgl/gxSrXuMbw1YRAtoWAJkBV342ESDMMhRmcJ28QX/wmUweUwCg+HI8
irJmD8Aelju4mJwxXN586Xo=
=d+rO
-----END PGP SIGNATURE-----