Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #37523

Re: Uniquely identifying each & every html template

References (13 earlier) <9d9b287c-ca2a-49c1-a16b-e42cb2a5db38@q16g2000pbt.googlegroups.com> <6f3e7d20-3005-4d1e-b949-d90a78e7bbf6@googlegroups.com> <50FFD9B8.3090304@davea.name> <CAPTjJmpp9uJDz2qTf4sAKBj12dF7g=tJKDFDW4_1jh7RJcNs-Q@mail.gmail.com> <51007BD0.1030105@davea.name>
Date 2013-01-24 11:39 +1100
Subject Re: Uniquely identifying each & every html template
From Chris Angelico <rosuav@gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.936.1358987959.2939.python-list@python.org> (permalink)

Show all headers | View raw

On Thu, Jan 24, 2013 at 11:09 AM, Dave Angel <d@davea.name> wrote:
> I certainly can't disagree that it's easy to produce a very long hash that
> isn't at all secure.  But I would disagree that longer hashes
> *automatically* reduce chances of collision.

Sure. But by and large, longer hashes give you a better chance at
avoiding collisions.

Caveat: I am not a cryptography expert. My statements are based on my
own flawed understanding of what's going on. I use the stuff but I
don't invent it.

> Wikipedia - http://en.wikipedia.org/wiki/Cryptographic_hash_function
>
> seems to say that there are four requirements.
> it is easy to compute the hash value for any given message
> it is infeasible to generate a message that has a given hash
> it is infeasible to modify a message without changing the hash
> it is infeasible to find two different messages with the same hash
>
> Seems to me a small hash wouldn't be able to meet the last 3 conditions.

True, but the definition of "small" is tricky. Of course the one-byte
hash I proposed isn't going to be difficult to break, since you can
just brute-force a bunch of message changes until you find one that
has the right hash.

But it's more about the cascade effect - that any given message has
equal probability of having any of the possible hashes. Make a random
change, get another random hash. So for a perfect one-byte hash, you
have exactly one chance in 256 of getting any particular hash.

By comparison, a simple/naive hash that just XORs together all the
byte values fails these checks. Even if you take the message 64 bytes
at a time (thus producing a 512-bit hash), you'll still be insecure,
because it's easy to predict what hash you'll get after making a
particular change.

This property of the hash doesn't change as worldwide computing power
improves. A hashing function might go from being "military-grade
security" to being "home-grade security" to being "two-foot fence
around your property", while still being impossible to predict without
brute-forcing. But when an algorithm is found that generates
collisions faster than the hash size indicates, it effectively reduces
the hash size to the collision rate - MD5 is 128-bit, but (if I
understand the Wikipedia note correctly) a known attack cuts that to
20.96 bits of "real hash size". So MD5 is still better than a perfect
16-bit hash, but not as good as a perfect 32-bit hash. (And on today's
hardware, that's not good enough.)

http://en.wikipedia.org/wiki/Collision_resistant

ChrisA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-18 12:48 -0800
  Re: Uniquely identifying each & every html template John Gordon <gordon@panix.com> - 2013-01-18 20:59 +0000
    Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-18 14:12 -0800
  Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-18 17:09 -0500
    Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-19 00:39 -0800
      Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-19 04:00 -0500
        Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-20 23:08 -0800
          Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-21 18:20 +1100
            Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 01:19 -0800
              Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-21 20:31 +1100
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 04:06 -0800
                Re: Uniquely identifying each & every html template Oscar Benjamin <oscar.j.benjamin@gmail.com> - 2013-01-21 12:39 +0000
                Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-21 04:55 -0800
                Re: Uniquely identifying each & every html template rusi <rustompmody@gmail.com> - 2013-01-21 19:24 -0800
                Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-22 15:39 +1100
                Re: Uniquely identifying each & every html template Tom P <werotizy@freent.dd> - 2013-01-22 00:01 +0100
                Re: Uniquely identifying each & every html template Oscar Benjamin <oscar.j.benjamin@gmail.com> - 2013-01-21 23:43 +0000
                Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-22 11:04 +1100
                Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-22 17:36 -0800
                Re: Uniquely identifying each & every html template Joel Goldstick <joel.goldstick@gmail.com> - 2013-01-21 07:47 -0500
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 07:00 -0800
                Re: Uniquely identifying each & every html template Michael Torrie <torriem@gmail.com> - 2013-01-22 16:55 -0700
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 01:12 -0800
                Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-23 01:37 -0800
                Re: Uniquely identifying each & every html template Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-01-23 09:49 +0000
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 02:29 -0800
                Re: Uniquely identifying each & every html template Joel Goldstick <joel.goldstick@gmail.com> - 2013-01-23 07:03 -0500
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 04:26 -0800
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 04:26 -0800
                Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-23 06:25 -0800
                Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-23 07:38 -0500
                Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-24 10:25 +1100
                Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-23 19:09 -0500
                Re: Uniquely identifying each & every html template Chris Angelico <rosuav@gmail.com> - 2013-01-24 11:39 +1100
                Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-23 19:53 -0500
                Re: Uniquely identifying each & every html template Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-01-23 16:01 -0500
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 01:12 -0800
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 07:00 -0800
                Re: Uniquely identifying each & every html template Dave Angel <d@davea.name> - 2013-01-21 17:26 -0500
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 04:06 -0800
                Re: Uniquely identifying each & every html template Tim Roberts <timr@probo.com> - 2013-01-21 19:57 -0800
              Re: Uniquely identifying each & every html template Tim Roberts <timr@probo.com> - 2013-01-21 20:04 -0800
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 22:49 -0800
                Re: Uniquely identifying each & every html template Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-01-22 16:08 -0500
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 01:15 -0800
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-23 01:15 -0800
            Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 01:19 -0800
              Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-21 04:56 -0800
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 07:03 -0800
                Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-21 15:35 -0800
              Re: Uniquely identifying each & every html template Piet van Oostrum <piet@vanoostrum.org> - 2013-01-21 21:48 +0100
                Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 22:38 -0800
            Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 07:07 -0800
              Re: Uniquely identifying each & every html template alex23 <wuwei23@gmail.com> - 2013-01-21 15:36 -0800
              Re: Uniquely identifying each & every html template rusi <rustompmody@gmail.com> - 2013-01-21 20:18 -0800
            Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-21 07:07 -0800
        Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-20 23:08 -0800
      Re: Uniquely identifying each & every html template Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-01-19 16:32 -0500
        Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-20 22:52 -0800
        Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-20 22:52 -0800
      Re: Uniquely identifying each & every html template John Gordon <gordon@panix.com> - 2013-01-22 16:35 +0000
    Re: Uniquely identifying each & every html template Ferrous Cranus <nikos.gr33k@gmail.com> - 2013-01-19 00:39 -0800

csiph-web