BruteForce

[dr_hubble]

Quote:

Originally Posted by Trilight

correct, but who cares if the collision is one in a trillion cases? I don't have that many files, neither on DF, nor on all hosts nor on my PC. It is unique enough for me If I loose only 1 file in a trillion due to a collision then I will not shed a tear for this file.

It's not one in a trillion cases, it's creating on demand thus people can be faking files. I haven't seen such cases in the wild, but if there's money to be made by exploiting it then it will be come a big problem identifying real or fake ones by using md5 hashes.

For example, creating empty/crappy xxx MB files with the same md5 hashes as the real ones. Uploading time is next to nothing, uploaders will rake in, downloaders/leechers will get nothing/pissed off. This is just a really bad dream... not if but when this happens.

Quote:

It seems that MD5 is also unique enough for all those hosters that are using it. Creating sha-2 hashes, storing + indexing those longer codes might have financial impact if you are storing hundreds of millions of files.

In a world of lawsuits it's only a matter of when, when people sue file hosters for deleting their legitimate files that's identical to copyrighted files according to md5 hashes. Storage/indexing of these hashes is the least of their worries with hardware support for sha-2 and compressable data such as sha-2 hashes, much more important is to not lose a lawsuit.