From: Andrew Ardill <andrew.ardill@gmail.com>
To: Shawn Pearce <spearce@spearce.org>
Cc: Josef Wolf <jw@raven.inka.de>, git <git@vger.kernel.org>
Subject: Re: What about SHA-1 collisions?
Date: Thu, 8 Nov 2012 10:44:43 +1100 [thread overview]
Message-ID: <CAH5451mwShC3QmX-5NxUO-00gx6uxNVKUHw4zrb=pyduHBJXLQ@mail.gmail.com> (raw)
In-Reply-To: <CAJo=hJtF2+Z1BDQnysB7hk2MM336iEUMHd3zSLCm14yvw1_-wg@mail.gmail.com>
A recent article [1] did an analysis on the number of items needed
from a given range to have a 50% chance of a collision. The famous
birthday paradox scenario was used, where you only need 23 people
before the chance of two of them having the same birthday is over 50%.
In this scenario there are ~366 options available to be picked from,
and 23 is significantly small in comparison.
The mathematics behind these statistics was extended to account for
any sized range (call it N) and it turns out that the number of items
(k) that can be picked before you have exceeded a given percentage
chance (T) of _not_ having a collision is roughly
k ~= sqrt(-2N.ln(T))
As pedrocr pointed out on Hacker News [2]
"Applying the formula for 160bit SHA-1 you need 1.7e23 objects to get
a 1% chance of collision. The current Linus kernel repository has 2.7
million objects. So to get a collision you'd need a repository that's
6e16 times larger. That should be plenty.
For some wacky perspective that's 10 million kernel sized
contributions for every man woman and child on earth together in a
single repository. It would seem git will reach plenty of other
bottlenecks before SHA-1 becomes a problem..."
An interesting analysis, even given that the OP presumes a collision
in their question.
Regards,
Andrew Ardill
[1] http://www.solipsys.co.uk/new/TheBirthdayParadox.html
[2] http://news.ycombinator.com/item?id=4753198
prev parent reply other threads:[~2012-11-07 23:45 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-06 20:26 What about SHA-1 collisions? Josef Wolf
2012-11-06 21:41 ` John McKown
2012-11-06 22:09 ` Josef Wolf
2012-11-07 15:42 ` Shawn Pearce
2012-11-07 23:44 ` Andrew Ardill [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAH5451mwShC3QmX-5NxUO-00gx6uxNVKUHw4zrb=pyduHBJXLQ@mail.gmail.com' \
--to=andrew.ardill@gmail.com \
--cc=git@vger.kernel.org \
--cc=jw@raven.inka.de \
--cc=spearce@spearce.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).