On Fri, 23 Dec 2005 21:56:44 -0800, Paul Rubin wrote: > Steven D'Aprano <[EMAIL PROTECTED]> writes: >> > There are also known ways of deliberately constructing md5 collisions >> > (i.e. md5 is broken). Whether the OP should care about that depends >> > on the application. >> >> Sure, but I don't he is deliberately trying to sabotage his own files :-) > > He might have downloaded a file created by a saboteur to have the same > md5 as some popular music file, but which contains a subliminal > hypnotic message which will brainwash him if played. Using a stronger > hash, such as sha256, should protect him from this fate.
But the odds of such a message having the same MD5 as an existing song on his disk is quite a lot higher than 2**64, unless he has a really, really large music collection ;) In the case you propose, two files don't just need to have the same MD5, but they also need to have a whole lot of other characterstics; both need to be (somewhat) valid MP3's, one needs to be a piece of music (or other sound) that is somewhat to the target's liking, and the other needs to be something playable with a subliminal message the target is likely to respond to. Calculate-me-odds-on-THAT-<wink>-ly 'yrs, -- Thomas Wouters <[EMAIL PROTECTED]> Hi! I'm a .signature virus! copy me into your .signature file to help me spread! -- http://mail.python.org/mailman/listinfo/python-list
