This hash function is similar to a Linear Congruential Generator (LCG – a simple class of functions that generate a series of psuedo-random numbers), which generally has the form: X = (a * X) + c; // “mod M”, where M = 2^32 or 2^64 typically Note the similarity to the djb2 hash function… a=33, … Read more
This is not possible, for the sake of keeping Redis simple. Quoth Antirez, creator of Redis: Hi, it is not possible, either use a different top-level key for that specific field, or store along with the filed another field with an expire time, fetch both, and let the application understand if it is still valid … Read more
Basically it’s because the output of MD5 contains less information than the input. This is basically what distinguishes a hash algorithm from an encryption algorithm. Here’s a simple example: imagine an algorithm to compute the hash of a 10-digit number. The algorithm is “return the last 2 digits.” If I take the hash of 8023798734, … Read more
Of all bit-operations XOR has the best bit shuffling properties. This truth-table explains why: A B AND 0 0 0 0 1 0 1 0 0 1 1 1 A B OR 0 0 0 0 1 1 1 0 1 1 1 1 A B XOR 0 0 0 0 1 1 1 0 … Read more
Yes. MD5 has been completely broken from a security perspective, but the probability of an accidental collision is still vanishingly small. Just be sure that the files aren’t being created by someone you don’t trust and who might have malicious intent.
Probably because 397 is a prime of sufficient size to cause the result variable to overflow and mix the bits of the hash somewhat, providing a better distribution of hash codes. There’s nothing particularly special about 397 that distinguishes it from other primes of the same magnitude.
For a set of even billions of assets, the chances of random collisions are negligibly small — nothing that you should worry about. Considering the birthday paradox, given a set of 2^64 (or 18,446,744,073,709,551,616) assets, the probability of a single MD5 collision within this set is 50%. At this scale, you’d probably beat Google in … Read more
In your case, breaking the hash algorithm is equivalent to finding a collision in the hash algorithm. That means you don’t need to find the password itself (which would be a preimage attack), you just need to find an output of the hash function that is equal to the hash of a valid password (thus … Read more
You’re correct that it cannot guarantee uniqueness, however there are approximately 3.402823669209387e+38 different values in a 32 digit hex value (16^32). That means that, assuming the math behind the algorithm gives a good distribution, your odds are phenomenally small that there will be a duplicate. You do have to keep in mind that it IS … Read more
CRC works fine for detecting random errors in data that might occur, for example, from network interference, line noise, distortion, etc. CRC is computationally much less complex than MD5 or SHA1. Using a hash function like MD5 is probably overkill for random error detection. However, using CRC for any kind of security check would be … Read more