couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Hirst <paul.hi...@sophos.com>
Subject Re: MD5 collisions
Date Thu, 23 Sep 2010 08:13:38 GMT
On Thu, 2010-09-23 at 08:54 +0100, Sebastian Cohnen wrote:
> The collision probability is quite low. MD5 is considered to b broken
>  from a cryptographical point of view - an attacker can craft a file
>  that has the exact same hash of another one. I would doubt that you
>  are going to encounter a collision in practice on "normal" usage.

I really do have two crafted files with the same MD5 that I'd like to
store in CouchDB. They are proof of concept Windows executables and they
just happen to live in the set of files I'd like to store in Couch. It's
just 2 out of many millions of files but I'd really value an opinion on
if anything will break and in what way.

I'll admit, this is an unusual use case.

I want to use CouchDB to store files and metadata about files relating
to vulnerabilities, exploits, malware, etc. I could decide to throw away
these proof of concept files because they aren't actually that
interesting but there is a good chance the database I want to build
would see more of them in future.

Obviously, under normal usage this sort of thing would never be a
problem.


Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom.
Company Reg No 2096520. VAT Reg No GB 348 3873 20.

Mime
View raw message