# IBM to Provide Security w/o Sacrificing Privacy Using Hash

Alex Mauer hawke at hawkesnest.net
Wed May 25 18:20:36 CEST 2005

```gpg.20.subu at spamgourmet.com wrote:
> I thought that two *non* identical names - as in case below will *not*
> create the same hash
> If it will, what is the probability ?

The probability of this happening is extremely low.

For a 128-bit hash, such as md5, the probability is 1 in 2^128 (1 in
340,282,366,920,938,463,463,374,607,431,768,211,456)

For a 160-bit hash, such as sha-1 which PGP uses, the probability is 1
in 2^160, 1 in
1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976).

"If the hash algorithm is properly designed and distributes the hashes
uniformly over the output space, 'finding a hash collision' by random
guessing is exceedingly unlikely (it's more likely that a million people
will correctly guess all the California Lottery numbers every day for a
billion trillion years).  Other hashes have even more bits: the SHA-1
algorithm generates 160 bits, whose output space is four billions times
larger than that produced by MD5's 128 bits."

(from "An Illustrated Guide to Cryptographic Hashes"[1])

Of course, this only applies to a random method, but that is pretty much
all peoples' names are going to give you.

MD5 (http://en.wikipedia.org/wiki/MD5)
SHA-1 (http://en.wikipedia.org/wiki/SHA-1)
Birthday Attack (http://en.wikipedia.org/wiki/Birthday_attack)
Meet-in-the-Middle Attack
(http://en.wikipedia.org/wiki/Meet-in-the-middle_attack)

[1] http://www.unixwiz.net/techtips/iguide-crypto-hashes.html#collisions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 374 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050525/aab7492c/signature.pgp
```