[Novalug] linux update security?
pereira at speakeasy.net
Mon Jan 14 20:00:11 EST 2008
Clayton Graham wrote:
> Mark Smith wrote:
>>> but I have also heard that two different files can produce
>>> the same hash result, so a hacker can tweak run the md5 hash until
>>> they find a variant that produces the same md5, even though the
>>> content is different.
> Ummm, actually, yes. A simple way to think about it; an md5 hash is 128
> bits long, so there are 2^128 different md5 hashes, and 2^128 is
also the number of different 16-byte files.
But this is only theoretical, very, very theoretical. 2^128 is an
such an enormously large number, about 10^(128/3) or 10^40, that
you can't fit these files on all the hard disks in the world by a
long shot. In a 1 Tb drive you have 10^15 bits or bytes (it hardly
matters: an order of magnitude is nothing, like in some astronomical
estimates), so it holds maybe 10^15 files. You need 10^25 of these
large drives to store all these files before 2 of them give the
same hash, or are the same. That's 10^15 of these enormous drives
for every man, woman and child in the whole world, all 10 billion
of them. One stack of these drives, for each person, would reach
beyond the Sun.
The 10^25 drives easily cover the whole earth. I calculate you
need 10^17 of them for a single laer, so you have a layer of
100 million thick that stretches beyond the atmosphere (100 km).
So, I'd say the md5 hash is pretty secure.
More information about the Novalug