This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH]: random global function name
On Thu, Jul 10, 2003 at 09:35:00PM +0200, Kai Henningsen wrote:
> I'm pretty certain a md5 collision is far less likely than just about
> every reasonable expectation you can come up with. This fear is entirely
> spurious.
No, it isn't.
It is a mathematical certainty that collisions exist. That you have
not found one for a particular hash is immaterial to the necessary
conclusion that compare-by-hash is algorithmically wrong.
Indeed, for most of the projects that use compare-by-hash you cannot,
by definition, detect a collision, since collisions are equated with
matching data. So _of course_ they've never found one.
As long as we're quoting, how about
http://www.usenix.org/events/hotos03/tech/henson.html
At minumum it shows that I am not alone in this thought.
I will grant that the use of a crc here in gcc is less evil than
elsewhere, since we're hashing something that is already known to
be non-unique (and so it doesn't really change the outcome much),
but I still object because there was no explanation at all as to
why the change was supposed to be worthwhile.
r~