
Why not just use the SHA1 only?


Posted Nov 15, 2008 8:25 UTC (Sat) by dlang (✭ supporter ✭, #313)
In reply to: Why not just use the SHA1 only? by nevets
Parent article: /dev/ksm: dynamic memory sharing

actually the statement is that you can't deliberately come up with a conflicting sha1.

there are databases that hold the sha1 of various files, and there are a lot of known conflicts in them



Why not just use the SHA1 only?

Posted Nov 15, 2008 14:46 UTC (Sat) by jbh (subscriber, #494)

Are you sure? According to Wikipedia, none have been found (although it is known that it can be found with complexity 2^63, less than the expected 2^80).

Why not just use the SHA1 only?

Posted Nov 15, 2008 14:56 UTC (Sat) by jbh (subscriber, #494)

Just to be clear: If you restrict yourself to "collision-prone" SHA1s, there's a 1/2^63 chance of conflict. With normal (random) SHA1s, the chance is 1/2^80. Deliberately creating a conflict with a given SHA1 (second preimage attack) is still 1/2^160, and the chance of that second preimage being non-gibberish substantially lower.
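The thread above distinguishes finding any two colliding inputs from finding a second input that matches one given SHA1. The following is an added example, not code from any commenter or from the KSM patches, that shows the difference in effort on a toy digest. It assumes a constructed 16-bit truncation of SHA-1 so both searches finish quickly; the function names and message strings are hypothetical.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy digest size; real SHA-1 output is 160 bits


def toy_digest(msg: bytes, bits: int = BITS) -> int:
    """Return the top `bits` bits of SHA-1(msg) as an integer."""
    full = int.from_bytes(hashlib.sha1(msg).digest(), "big")
    return full >> (160 - bits)


def find_collision(bits: int = BITS):
    """Birthday search: any two distinct messages with the same toy digest.

    Expected work is on the order of 2^(bits/2) hashes, and by pigeonhole
    it can never need more than 2^bits + 1.
    """
    seen = {}
    for i in count():
        msg = b"page-%d" % i  # constructed sample inputs
        d = toy_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg


def find_second_preimage(target: bytes, bits: int = BITS,
                         max_tries: int = 1 << 24):
    """Search for a different message matching the digest of `target`.

    Expected work is on the order of 2^bits hashes, because every candidate
    must hit one fixed value instead of any previously seen one.
    """
    want = toy_digest(target, bits)
    for i in range(max_tries):
        msg = b"other-%d" % i  # constructed sample inputs
        if msg != target and toy_digest(msg, bits) == want:
            return msg, i + 1
    return None, max_tries


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    print("collision after", n_coll, "hashes:", a, b)
    m, n_pre = find_second_preimage(b"fixed page contents")
    print("second preimage after", n_pre, "hashes:", m)
```

On the 16-bit toy digest the collision search typically needs a few hundred hashes while the second-preimage search needs tens of thousands, the same square-root gap as between 2^80 and 2^160 for the full digest.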

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds