[EMAIL PROTECTED] wrote: > I thought that two *non* identical names - as in case below will *not* > create the same hash > If it will, what is the probability ?
The probability of this happening is extremely low. For a 128-bit hash, such as md5, the probability is 1 in 2^128 (1 in 340,282,366,920,938,463,463,374,607,431,768,211,456) For a 160-bit hash, such as sha-1 which PGP uses, the probability is 1 in 2^160, 1 in 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976). "If the hash algorithm is properly designed and distributes the hashes uniformly over the output space, 'finding a hash collision' by random guessing is exceedingly unlikely (it's more likely that a million people will correctly guess all the California Lottery numbers every day for a billion trillion years). Other hashes have even more bits: the SHA-1 algorithm generates 160 bits, whose output space is four billions times larger than that produced by MD5's 128 bits." (from "An Illustrated Guide to Cryptographic Hashes"[1]) Of course, this only applies to a random method, but that is pretty much all peoples' names are going to give you. Recommended reading: MD5 (http://en.wikipedia.org/wiki/MD5) SHA-1 (http://en.wikipedia.org/wiki/SHA-1) Birthday Attack (http://en.wikipedia.org/wiki/Birthday_attack) Meet-in-the-Middle Attack (http://en.wikipedia.org/wiki/Meet-in-the-middle_attack) [1] http://www.unixwiz.net/techtips/iguide-crypto-hashes.html#collisions
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
