Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.012 X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'modify': 0.05; 'that?': 0.05; 'compute': 0.09; 'length.': 0.09; 'size)': 0.09; 'def': 0.10; "wouldn't": 0.11; 'value.': 0.15; 'digits.': 0.16; 'hashes': 0.16; 'innocuous': 0.16; 'mathematics.': 0.16; 'md5': 0.16; 'op.': 0.16; 'wed,': 0.16; 'wrote:': 0.17; 'certainly': 0.17; 'jan': 0.18; 'obviously': 0.18; '(not': 0.20; 'equivalent': 0.20; 'trying': 0.21; 'meant': 0.21; 'produces': 0.22; "i'd": 0.22; 'this:': 0.23; "haven't": 0.23; 'seems': 0.23; 'least': 0.25; 'header:In-Reply-To:1': 0.25; 'header:User-Agent:1': 0.26; 'url:wiki': 0.26; 'rules': 0.27; '(such': 0.27; 'chris': 0.28; 'decimal': 0.29; 'hash': 0.29; 'url:wikipedia': 0.29; 'definition': 0.29; 'function': 0.30; 'could': 0.32; 'certain': 0.33; 'to:addr:python-list': 0.33; "can't": 0.34; 'whatever': 0.35; 'conditions.': 0.35; 'pm,': 0.35; 'there': 0.35; 'but': 0.36; 'url:org': 0.36; 'ok,': 0.37; 'two': 0.37; 'ones': 0.37; 'subject:: ': 0.38; 'some': 0.38; 'url:en': 0.38; 'several': 0.39; 'to:addr:python.org': 0.39; 'received:192': 0.39; 'skip:" 10': 0.40; 'received:192.168': 0.40; 'think': 0.40; 'easy': 0.60; 'chance': 0.61; 'different': 0.63; 'secure.': 0.65; 'subject: & ': 0.67; 'secure': 0.67; 'received:74.208': 0.71; '2013': 0.84; 'collision.': 0.84; 'digits?': 0.84; 'insecure': 0.84; 'often,': 0.84; 'received:74.208.4.194': 0.84; 'understood.': 0.84; 'angel': 0.93 Date: Wed, 23 Jan 2013 19:09:52 -0500 From: Dave Angel User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2 MIME-Version: 1.0 To: python-list@python.org Subject: Re: Uniquely identifying each & every html template References: <8deb6f5d-ff10-4b36-bdd6-36f9eed58e1e@googlegroups.com> <5dd4babd-716d-4542-ad36-e6a841b73ec3@googlegroups.com> <03581a24-9330-4019-bde9-61a607000d3d@googlegroups.com> <187d77e0-e948-46bf-acc5-668c446cf3aa@googlegroups.com> <239abe33-fa5b-41a9-ae80-5260b9b1bd9c@googlegroups.com> <2391171e-e170-4647-8924-8e446ea1c6b1@googlegroups.com> <9d9b287c-ca2a-49c1-a16b-e42cb2a5db38@q16g2000pbt.googlegroups.com> <6f3e7d20-3005-4d1e-b949-d90a78e7bbf6@googlegroups.com> <50FFD9B8.3090304@davea.name> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:YIClDbvqoUJwsoyeTAPF5ajl3LZEpt1yAWQKUWv2ekk PY5E+hw70m3Dds9Wrr9oXiSJp6i2yP6eH730VmgTNBv/0hOkeH vdJwKetd9rNoEscEsEjYtuH66SsbgdDs9D5Rnkwdcup3Pei3e+ xUR8qfOAk8vWKeoTYJqJ7bdvWxhbKKs8BY0HEiGCkKrpkFxSoN q14pA17ZLhfR5Slh2f2FKbhv8g4i3bdrumDgEpwMbmqXu2NMQi V+sdZt2ixC5SUHJPQJixHdWjYjKjER4aBNLAN5G0amZLGvtZQg eFK+2DgPp9jZqIwhLyi9Flch0MKXJGTQxa69vEzTZ3UksLT6Q= = X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 51 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1358986212 news.xs4all.nl 6850 [2001:888:2000:d::a6]:33272 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:37522 On 01/23/2013 06:25 PM, Chris Angelico wrote: > On Wed, Jan 23, 2013 at 11:38 PM, Dave Angel wrote: >> You think it's an accident that md5 size is roughly equivalent to 39 decimal >> digits? Or that the ones that haven't been proven insecure are much larger >> than that? The sha512 hash is roughly equivalent to 154 decimal digits. > > Proving a hash function secure or not is orthogonal to its length. You > could have a cryptographically secure hash function that produces a > single byte; you'd get collisions pretty often, but that's understood. > Conversely, you could have an insecure hash that produces a value > several orders of magnitude longer than SHA512. Look at this: > > def big_long_hash(val): > return sum(bytes(str(val),"utf-8"))*12345678901234567890 > > But longer hashes do reduce the chance of collisions, by the > fundamental rules of mathematics. > I certainly can't disagree that it's easy to produce a very long hash that isn't at all secure. But I would disagree that longer hashes *automatically* reduce chances of collision. Anyway, about cryptographically ... OK, I'd like to learn here. I thought that "cryptographically secure" meant that it was infeasible to take a given message and make an innocuous change to it (such as adding a trailer of whatever size) and from that produce a predetermined hash value. Obviously "infeasible" will change over time. But if my definition is even close, then wouldn't it be a necessary (not sufficient) condition that the hash be at least some certain size. It is that size I was trying to impress on the OP. Wikipedia - http://en.wikipedia.org/wiki/Cryptographic_hash_function seems to say that there are four requirements. it is easy to compute the hash value for any given message it is infeasible to generate a message that has a given hash it is infeasible to modify a message without changing the hash it is infeasible to find two different messages with the same hash Seems to me a small hash wouldn't be able to meet the last 3 conditions. -- DaveA