couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sebastian Cohnen <>
Subject Re: MD5 collisions
Date Thu, 23 Sep 2010 07:54:57 GMT
The collision probability is quite low. MD5 is considered to b broken from a cryptographical
point of view - an attacker can craft a file that has the exact same hash of another one.
I would doubt that you are going to encounter a collision in practice on "normal" usage.

So no, I would not consider the usage of MD5 to break CouchDB.

On 23.09.2010, at 09:44, Paul Hirst wrote:

> Hi,
> There was a previous thread about exposing the MD5 of attachments and
> this got me thinking.
> Since MD5 is 'broken' (ie two different files can be generated with the
> same MD5 hash) I have a few of questions.
>      * Does this actually break couchdb? Ie would it be impossible to
>        upload two different attachments with the same MD5?
>              * To the same document?
>              * To different documents?
>      * Are there any other implications? Would replication get
>        confused?
>      * Has anyone considered switching to a stronger checksum?
> This isn't just a theoretical problem to me. I would genuinely like to
> store two files in couchdb which have the same MD5.
> Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom.
> Company Reg No 2096520. VAT Reg No GB 348 3873 20.

View raw message