Message Digest as a Message Fingerprint
Statistically speaking, it is possible for there to be multiple documents whose hashes are the same, since you are identifying a potentially large item (a document) by a smaller key value.
Fortunately, it is also unlikely that two documents with the same hash value both make sense one is likely to be a series of random characters that just happens to result in the same hash value, or sum. It would be obvious to the user upon seeing the document, that something is wrong with it. It is considered computationally infeasible to modify the content of a message or program while retaining the same sum, and have the modified content be a reasonable replacement for the original, rather than obviously invalid gibberish. Its not necessarily impossible to do this, but with most hashing algorithms, it would take a prohibitively large amount of time to find another plausible document with the same hash value. For some information on duplicate hash value related issues in MD5, see this informational page on MD5.389
Often, but not universally, the longer the hash value produced by the hashing algorithm (assuming it is a mathematically-good algorithm from a crypto standpoint), the less susceptible it is to this sort of attack. This is one of the reasons that the SHA-1 hashing algorithm is considered by some to be stronger than MD5. As we mentioned earlier, the SHA-1 algorithm produces a 160-bit message digest, while the MD5 algorithms message digest is only 128-bits. To account for increased computer processing speeds, even stronger versions of the SHA, which produce message digests of 256 or more bits, have recently been standardized.390 Another hashing algorithm you may encounter in your digital travels is RIPEMD-160, considered to be on a par with SHA-1.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.