Hello! On Fri, Sep 04, 2015 at 08:56:23PM +0200, Sergey Brester wrote:
> On 04.09.2015 20:10, Maxim Dounin wrote: > > >For sure this is something that can be done. The question remains > >though: how often collisions are observed in practice, is it make > >sense to do anything additional to protect from collisions and > >spend resources on it? Even considering only md5, without the > >crc32 check, no practical cases were reported so far. > > What? > That SHOULD be done! Once is already too much! No one yet happened. And likely won't ever happen, as md5 is a good hash function 128 bits wide, and it took many years to find even a single collision of md5. And even if it'll happen, we have crc32 check in place to protect us. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
