This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH]: random global function name

On Thu, Jul 10, 2003 at 09:35:00PM +0200, Kai Henningsen wrote:
> I'm pretty certain a md5 collision is far less likely than just about  
> every reasonable expectation you can come up with. This fear is entirely  
> spurious.

No, it isn't.

It is a mathematical certainty that collisions exist.  That you have
not found one for a particular hash is immaterial to the necessary
conclusion that compare-by-hash is algorithmically wrong.

Indeed, for most of the projects that use compare-by-hash you cannot,
by definition, detect a collision, since collisions are equated with
matching data.  So _of course_ they've never found one.

As long as we're quoting, how about

  http://www.usenix.org/events/hotos03/tech/henson.html

At minumum it shows that I am not alone in this thought.

I will grant that the use of a crc here in gcc is less evil than
elsewhere, since we're hashing something that is already known to
be non-unique (and so it doesn't really change the outcome much),
but I still object because there was no explanation at all as to
why the change was supposed to be worthwhile.


r~
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]