On Tue, Sep 17, 2013 at 01:21:04PM +0000, hru...@gmail.com wrote: > Raimo Niskanen <raimo+open...@erix.ericsson.se> wrote: > > > When you have two different real world contents the collision probability > > is just that; 2^-160 for SHA-1. It is when you deliberately craft a > > second content to match a known hash value there may be weaknesses > > in cryptographic hash functions, but this is not what rsync nor Git > > does, as Marc Espie pointed out in this thread. > > You have strings A and B, and you know only that hash(A)=hash(B): what > is the probability that A=B? 2^-160?
You have to mean "what is the probability that A != B", and it is 2 ^ (-160). If you actually mean what you wrote, the probability of A = B is 1 - (2 ^ (-160)), which is as said earlier in this thread higher than what you get when storing the string on disk and then reading it back. > > Rodrigo. -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
