IBM to Provide Security w/o Sacrificing Privacy Using Hash

Alex Mauer hawke at
Wed May 25 18:20:36 CEST 2005

gpg.20.subu at wrote:
> I thought that two *non* identical names - as in case below will *not*
> create the same hash
> If it will, what is the probability ? 

The probability of this happening is extremely low.

For a 128-bit hash, such as md5, the probability is 1 in 2^128 (1 in

For a 160-bit hash, such as sha-1 which PGP uses, the probability is 1
in 2^160, 1 in

"If the hash algorithm is properly designed and distributes the hashes
uniformly over the output space, 'finding a hash collision' by random
guessing is exceedingly unlikely (it's more likely that a million people
will correctly guess all the California Lottery numbers every day for a
billion trillion years).  Other hashes have even more bits: the SHA-1
algorithm generates 160 bits, whose output space is four billions times
larger than that produced by MD5's 128 bits."

(from "An Illustrated Guide to Cryptographic Hashes"[1])

Of course, this only applies to a random method, but that is pretty much
all peoples' names are going to give you.

Recommended reading:
MD5 (
SHA-1 (
Birthday Attack (
Meet-in-the-Middle Attack

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 374 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050525/aab7492c/signature.pgp

More information about the Gnupg-users mailing list