|
For what it is worth, MD5 and SHA-1 are both designed not just to be "good hashes" but specifically designed against people taking Known Data A and massaging it into Known Data B (where B is whatever it takes to make B have the same hash as A). It apparently is still possible to "cook" these functions, in that you can eventually derive some sort of Known Data B, especially if you're not fussy about what B contains, but it is claimed to take considerable effort and possibly be "computationally infeasible". I haven't studied it in detail, but those are the general claims. So, if you need "high probability" of no fake matches, these are the primary choices nowadays as they are designed not just with collision statistics in mind, but actual malice. I can't speak to any possible licensing issues, not being a lawyer. But, I think you can code either up from the RFCs. See your own laywer before proceeding! SHA-1 is supposed to be more "secure" from being faked out than MD5, but that's just what I read on the net. Don't know it for a fact. Since this is the MI400 list, I won't point out that you can do the whole job in Java with JDBC rather readily. Depending on the tolerance for communications costs, I could also see the Java code delivering the hash from one system to the other, to avoid a manual comparison, even if the files themselves can't be sent. Larry W. Loen - speaking on his own
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
