|
From: | Graydon Hoare |
Subject: | [Monotone-devel] Re: RFC: Fake IDs |
Date: | Tue, 18 Jul 2006 19:24:19 -0700 |
User-agent: | Thunderbird 1.5.0.4 (Windows/20060516) |
Nathaniel Smith wrote:
If we don't trust SHA1, why are we using it at all? :-)
I do trust SHA1, at least as far as it goes. I don't see how that's related to hard-coding a target for it to collide against when you have a simple means of picking a value you *know* is non-colliding.
If we hash some text, and then compare it to another equal-length bitstring... the collision probability is not affected by whether that other bitstrings was generated by pounding on the keyboard or by SHA1 of some other text. Am I missing something in this analysis?
I'm not concerned with collision probabilities per-se. I'm concerned with using collision probabilities as some proxy argument for what you actually want in this case. A "fake ID" is supposed to be "an ID I currently don't have in my database, or in the set of fake IDs I've currently chosen during this run". Why hash strings and wonder about probability when you can just check your database?
-graydon
[Prev in Thread] | Current Thread | [Next in Thread] |