# Uniquely identifying each & every html template

Dave Angel d at davea.name
Thu Jan 24 01:09:52 CET 2013

```On 01/23/2013 06:25 PM, Chris Angelico wrote:
> On Wed, Jan 23, 2013 at 11:38 PM, Dave Angel <d at davea.name> wrote:
>> You think it's an accident that md5 size is roughly equivalent to 39 decimal
>> digits?  Or that the ones that haven't been proven insecure are much larger
>> than that?  The sha512 hash is roughly equivalent to 154 decimal digits.
>
> Proving a hash function secure or not is orthogonal to its length. You
> could have a cryptographically secure hash function that produces a
> single byte; you'd get collisions pretty often, but that's understood.
> Conversely, you could have an insecure hash that produces a value
> several orders of magnitude longer than SHA512. Look at this:
>
> def big_long_hash(val):
>      return sum(bytes(str(val),"utf-8"))*12345678901234567890
>
> But longer hashes do reduce the chance of collisions, by the
> fundamental rules of mathematics.
>

I certainly can't disagree that it's easy to produce a very long hash
that isn't at all secure.  But I would disagree that longer hashes
*automatically* reduce chances of collision.

Anyway, about cryptographically ...

OK, I'd like to learn here.  I thought that "cryptographically secure"
meant that it was infeasible to take a given message and make an
innocuous change to it (such as adding a trailer of whatever size) and
from that produce a predetermined hash value.

Obviously "infeasible" will change over time.  But if my definition is
even close, then wouldn't it be a necessary (not sufficient) condition
that the hash be at least some certain size.  It is that size I was
trying to impress on the OP.

Wikipedia - http://en.wikipedia.org/wiki/Cryptographic_hash_function

seems to say that there are four requirements.
it is easy to compute the hash value for any given message
it is infeasible to generate a message that has a given hash
it is infeasible to modify a message without changing the hash
it is infeasible to find two different messages with the same hash

Seems to me a small hash wouldn't be able to meet the last 3 conditions.

--
DaveA

```

More information about the Python-list mailing list