rolf.freitag@rolf... wrote:
> > The birthday paradox says...
> That's only true for files with a) same size

For files larger than the hash, size has *nothing* to do with
it, it's simple mathematics.

 > and b) size > 160.

If you mean files smaller than 160 bits (20 bytes) - how many
of those exist anyhow? It's true that ASCII english text has
only 1-2 bits of entropy per byte, but that doesn't stop the
checksum from working, if, like SHA-1, you include the file
size in the hash.

> Because on a typical PC there are many small files
collisions du occur much often
> than in one of 2^80 cases even with a theoretically perfect hash of 160
bits.

Find me a pair then, > 20 bytes.

> md5sum is not theoretically perfect because the
size of the md5sum is 128 bit and the
> collisions where found in 128 bit files.

Again, file size is irrelevant to this, I can't imagine why
you're hung up on it.

> Which hash is theoretically perfect?

None. But the extensive testing and analysis that's been carried
out means that we can get close enough. Remember the cosmic rays :-).

I've also built a duplicate-file finder - it's an interesting project.

Clifford Heath.