Stuart McLachlan
stuart at lexacorp.com.pg
Sat Mar 19 08:29:55 CDT 2011
Using a 160 bit SHA1, the odds of getting a collision are 50% when you have approximately 2^80 messages. If you ever get near that number of records, I suggest you switch to SHA2 which is 256 bit :-) -- Stuart On 19 Mar 2011 at 9:21, jwcolby wrote: > Stuart, > > Thanks for that. I am not a cryptologist and all I can do is try to > use a tool I do not understand to solve a problem I do understand. If > my hashes really are that "unique / secure" then I will stop worrying > about it. I still need to do a check of actual data though because I > went looking one day and discovered "collisions". Given that we > believe the collision is not in the key itself, it must have been in > my method of finding the collision. > > In any case, I am not going to worry any more so thanks for the peace > of mind! ;) > > John W. Colby > www.ColbyConsulting.com > > On 3/19/2011 8:51 AM, Stuart McLachlan wrote: > > In the case of 1000 single character messages, you are bound to get > > collisions since there are only 256 possible original messages. You > > will be hashing the same value multiple times > > > > Apart from that, your understanding is incorrect. It doesn't matter > > how long the string is. The chances of a collision with two > > different messages remains the same. > > > > The message is hashed using padded blocks of a fixed length. > > There is no more chance of a collision between "a" and "b" than > > there is between "aaaaaaaaaaaaaaaaaaa" and "baaaaaaaaaaaaaaaaaaa". > > > > Specifically, the chance of a collision within n different messages, > > using b bits of encryption is (n*(n-1)/2) * (1/2^b). > > > > Note that the length of the message doesn't come into that equation. > > > > The probability of a collision is determined by only TWO things. > > > > 1) The length of the digest. > > 2) The quantity of messages. > > > > As for "everyone agrees". Noone who understands how it works, > > agrees. > > > _______________________________________________ > dba-VB mailing list > dba-VB at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-vb > http://www.databaseadvisors.com > >