On Tue, Sep 17, 2013 at 03:28:11PM +0000, hru...@gmail.com wrote:
> Marc Espie <es...@nerim.net> wrote:
>
> > > You have strings A and B, and you know only that hash(A)=hash(B): what
> > > is the probability that A=B? 2^-160?
> >
> > No, that's never the problem.
> >
> > You have a *given* string A, and another string B.
>
> O.K. You have string A in the client with hash(A)=n. You find string
> B in the server also with hash(B)=n. What is the probability that
> A=B?

1-1/2^n (with n the size of the crypto hash, so 128 or 160 for the hashes being discussed).

... unless someone is out to get you, of course. In such a case, forget about normal probability rules. Your B is not uniformly random.

But in general, in case of foul play, you have way, way more to worry about than whether your hash is going to match!

(and the attacks we know about for md5 and sha1 are of the "choose preimage variety", so it's for files A and B that *the attacker* can choose, not your own A file, and a B file chosen by the attacker).