war story: parallel(1) command

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Tue Jul 30 14:57:58 UTC 2013


On Tue, Jul 30, 2013 at 12:33:28AM -0400, Eric B wrote:
> It is easy to find collisions on a Linux filesystem with a 32-bit CRC
> checksum.  If you have more than 65,000 (~ 2^(32/2)) files,
> you will probably find at least one.
> 
> One would think that MD5 is good enough,
> but because it is cryptographically broken, you could find collisions
> that were legitimately generated and not adversarial.
> For example, you might unpack something related to hashes, and it
> contains examples of two different files with duplicate MD5 hashes.

Well no.  Because flaws have been found, adversarial collisions are
apparently possible.  That doesn't really affect the likelihood of you
accidentally finding two files with a collision.  That is pretty unlikely,
whether or not md5 is cryptographically broken or not.

> To be safe, use a stronger hash.

To be _safer_, not _safe_.

-- 
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list