BUG? sha-moduel returns same crc for different files
kragen at dnaco.net
Tue Sep 19 02:21:51 CEST 2000
In article <LNBBLJKPBEHFEDALKOLCCELAHGAA.tim_one at email.msn.com>,
Tim Peters <tim_one at email.msn.com> wrote:
>> since there are 4294967296 times more possible values for sha-1
>> than for md5, methinks this would not make much difference.
>Then it depends on how valuable a small difference is to your application.
>If you're betting someone's life on it, it's a good idea to combine a
>variety of methods with different underpinnings (to guard against
>currently-unknown systematic weakness in any one of them). If you're just
>trying to save a few of bytes of disk storage, a plain CRC32 is much cheaper
>and probably adequate.
I'd have no problem betting *my* life on never getting accidental false
collisions with MD5, at least given a dollar or two on the other side;
I wouldn't want to bet my life on never getting accidental false
collisions with CRC32.
SHA-1 looks safer from deliberate collisions than MD5.
<kragen at pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
Perilous to all of us are the devices of an art deeper than we ourselves
-- Gandalf the Grey [J.R.R. Tolkien, "Lord of the Rings"]
More information about the Python-list