On Mon, 18 Apr 2005, Herbert Xu wrote:
>
> I wasn't disputing that of course. However, the same effect can be
> achieved in using a single hash with a bigger length, e.g., sha256
> or sha512.
No it cannot.
If somebody actually literally totally breaks that hash, length won't
matter. There are (bad) hashes where you can literally edit the content of
the file, and make sure that the end result has the same hash.
In that case, when the hash algorithm has actually been broken, the length
of the hash ends up being not very relevant.
For example, you might "hash" your file by blocking it up in 16-byte
blocks, and xoring all blocks together - the result is a 16-byte hash.
It's a terrible hash, and obviously trivially breakable, and once broken
it does _not_ help to make it use its 32-byte cousin. Not at all. You can
just modify the breaking thing to equally cheaply make modifications to a
file and get the 32-byte hash "right" again.
Is that kind of breakage likely for sha1? Hell no. Is it possible? In your
"in theory" world where practice doesn't matter, yes.
Linus
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
