On Mar 6, 2006, at 8:40 AM, Lance Massey wrote:
I want to create a database of files coming from multiple sources
across the internet.
Is an md5 hash suitable to uniquely identify each file? Or should I
opt for a SHA hash? Limewire at one point simply used the file name
and its size to identify files on gnutella... is that really viable?
I know md5 and SHA_1 have been cracked so far as concerning digital
signatures, but this isn't for security or encryption, just
identifying which file was accessed.
I think that SHA_1 has been theoretically cracked, but not
necessarily in real world situations; which means I think that they
cut a couple of years off the time required to crack a hash.
But even MD5 is "secure" enough in 99.999% cases... it would take a
super-genius and a lot of time to create a hostile executable that
matches exactly the same size and MD5 hash as the original file. If
you change just one byte, the MD5 hash would be different.
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
