|
|
|
|
|
|
by iso1210
1511 days ago
|
|
|
I think the question is that how is it useful if you happen to have two hashes that match - it's very unlikely that they will be Where the problem comes is when you can generate a matching 128 bit hash with your own content without having to do 2^128 different hashes (or strike ridiculously (lottery winner being struck by lightning) lucky and only need to do 2^100 hashes) |
|
|
Then you send file2 which is actually malicious, and the service decides it has already analyzed this file and lets it go.
This would work on a lot of big AV appliances and software. A surprising amount of these are still using md5 for de-duplication.