On Sat, Aug 2, 2014 at 7:42 AM, Terry Reedy <tjre...@udel.edu> wrote:
> For mercurial, with no threat model, a 160-bit hash is used. Internet
> applications need more bits and carefully vetted algorithms to hopefully
> make the actual principle true.

Ditto git, which also has no threat model. I don't know of any situation in HTTPS that has this, but the classic concept of hashed passwords (quite independent of HTTPS) basically says "if I take an arbitrary/random salt and combine it with your password, and hash that, then the probability of a hash collision involving the same salt and a different password approaches 0". And any time "approaches 0" is provably false (or doesn't approach 0 closely enough), you have weak passwords, which is why it's a really bad idea to use MD5 passwording. Ergo MD5 is not (any more, at least) a "carefully vetted algorithm".

(That said, though, I will happily use md5sum across a huge pile of files to find duplicates. It's a lot quicker than sha*sum, and I don't have reason to expect malicious hash collisions on my own hard drive. Plus, I can always just check some other way.)

ChrisA

-- 
https://mail.python.org/mailman/listinfo/python-list