On Thu, 9 Jun 2005, Chris Santerre wrote:
> >My only comment on a system like this is that it could be
> >easily subverted.
> >A spammer could use automated image editting tools to randomly
> >change some
> >aspect of the file that would give it a totally different MD5 sum. Like
> >changing the lower right pixel to a different color would
> >throw the md5 sum
> >way off.
>
> I completely agree. But I'd like to see it tried. Then maybe combine it with
> distancing techniques to see how distant one MD5 is to another.
Nice try, but the crypto characteristic of MD5 makes this totally
impractical. One of the attributes of MD5 (by design) is that even small
changes in the input cause signficant changes in the output.
This is intended to deter attackers from breaking crypto systems
with incremental guessing methods.
Try this; take a 100Kbyte text file, get a MD5 sum, change one letter
(say a 'b' to 'c') and re-calculate the MD5 sum.
Note that almost every digit of that 32 digit hex value has changed,
even tho you've changed only 1 bit out of 800,000 bits of data in
that file.
There are image processing algorithms that are much better at 'looking'
at two images and giving a 'distance' value. (Only problem is that they're
compute intensive).
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
