Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 35956 invoked from network); 23 Sep 2010 07:45:32 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 23 Sep 2010 07:45:32 -0000 Received: (qmail 824 invoked by uid 500); 23 Sep 2010 07:45:31 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 366 invoked by uid 500); 23 Sep 2010 07:45:28 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 358 invoked by uid 99); 23 Sep 2010 07:45:27 -0000 Received: from Unknown (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Sep 2010 07:45:27 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of paul.hirst@sophos.com designates 213.31.172.36 as permitted sender) Received: from [213.31.172.36] (HELO mx6.sophos.com) (213.31.172.36) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Sep 2010 07:45:05 +0000 Received: from mx6.sophos.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id D4E21142001D for ; Thu, 23 Sep 2010 08:44:44 +0100 (BST) Received: from uk-exch1.green.sophos (uk-exch1.green.sophos [10.100.199.16]) by mx6.sophos.com (Postfix) with ESMTP id C5F3D702E1 for ; Thu, 23 Sep 2010 08:44:44 +0100 (BST) Received: from [10.181.0.194] (10.181.0.194) by uk-exch1.green.sophos (10.100.199.10) with Microsoft SMTP Server (TLS) id 8.1.340.0; Thu, 23 Sep 2010 08:44:44 +0100 Subject: MD5 collisions From: Paul Hirst To: Content-Type: text/plain; charset="UTF-8" Date: Thu, 23 Sep 2010 08:44:43 +0100 Message-ID: <1285227883.24186.78.camel@meerkat.green.sophos> MIME-Version: 1.0 X-Mailer: Evolution 2.28.3 Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sophos.com; h=subject:from:to:content-type:date:message-id:mime-version:content-transfer-encoding; s=global; bh=IbPm8LVQvZFBFipX3UHLtErGHOzaRZOMnxCuKZI0MW8=; b=dcl9PG7UPEdpV8CwSycPQDaMi/YFzCgyd94PTRJS9vuCNW936fcvMXfRtiO06z9oPp34IuzJIv3O2Ovwty13v3ENCIFg4+vFPsl6rIjqu6Okv7uwYq6eC6y5uR2QBJrcGPcyEWWloeGH28ZOeULCYQRAB4yFZZas1V+rX1tYnvI= X-Virus-Checked: Checked by ClamAV on apache.org Hi, There was a previous thread about exposing the MD5 of attachments and this got me thinking. Since MD5 is 'broken' (ie two different files can be generated with the same MD5 hash) I have a few of questions. * Does this actually break couchdb? Ie would it be impossible to upload two different attachments with the same MD5? * To the same document? * To different documents? * Are there any other implications? Would replication get confused? * Has anyone considered switching to a stronger checksum? This isn't just a theoretical problem to me. I would genuinely like to store two files in couchdb which have the same MD5. Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United= Kingdom. Company Reg No 2096520. VAT Reg No GB 348 3873 20.