Re: What is md5sum?
From: P.T. Breuer (ptb_at_oboe.it.uc3m.es)
Date: Wed, 30 Jun 2004 08:27:39 +0200
Carlos Moreno <email@example.com> wrote:
> P.T. Breuer wrote:
> > His statement is not false - try and understand that you are talking to
> > mathematicians (and physicists :) of greater sophistication than you,
> > and you, thinking that you are being clever, think that the
> > sophisticated ideas are stupid. No - wrong. The rest of the universe
> > is not wrong, you are. Take that on board.
> When did I say that the rest of the universe is wrong?? The
When you say that md5sum does not identify a files contents uniquely.
Show us the counterexample!
> only recent incident in which I've stated that something or
> someone is wrong was the statement that "an MD5 is unique to
> a file" is wrong -- which IT IS.
It isn't. Try and understand that. Arguing with you will be less
tedious when you cease calling the arth flat.
> > It is not incorrect. The energy required to make enough files to
> > produce even a minuscule chance that one of them matched in md5sum a
> > file that you already have would exhaust the suns entire output for a
> > century (wildly guestimating ...). QED.
> Good God! You put the acronym QED after such a ridiculous
It is QED, because that's a proof. Where do you find a flaw in the
> bunch of nonsense and you claim that I'm unsofisticated!!
Claiming it is "ridiculous" when it isn't only makes you look foolish.
> Is it *possible* that in a game of poker, 10 different
> players get a poker after drawing?
I don't know what it means (I don't play poker), but it sounds plausible.
> I really doubt that there
> can be *anyone* on this planet that says that it is *not
It is perfectly possible, but that is a conclusion I reach
constructively - you can show me at least one or two of the draw
outcomes that you are interested in telling me are possible.
Therefore I do not doubt you (I would also have to be convinced that the
draw mechanism was capable of producing them, but lets say it is).
The same argument does not pertain to the md5sum situation, where you
CLAIM there is a particular magic poker draw that has strange
properties. If it exists, show me it! I'm waiting to be convinced!
> You see, the extremely ridiculous thing is how we keep
> discussing around arguments that include the *probability
You really don't get it - go back to skool, is the simplest solution.
> ignorant and all... Even though I've clarified on multiple
> occasions that the fact that MD5's are not unique does not
If you claim they are not unique, then you should be able to show us a
couple that are the same, no? Why don't you? I don't believe you!
> >>Agreed. But in doing so, you volunteered some extra information
> >>which is incorrect (it is "correct" in practical terms, but
> > It is correct.
> Sorry, IT IS NOT.
> > Stop pandering to the ridiculous idea that the universe contains
> > infinitely many files. Or will.
> The universe does not have to contain infinitely many files
> for the statement to be false.
Your argument is about very large numbers. How do you know that the
universe works OK arithmetically for large numbers of things? (numbers
are a concept that abstracts reality). I pointed out to you that there
isn't enough energy in the solar system to make all the files you want
to test, let alone test them! The universe doesn't seem to want to
allow you to do your tests!
> There are much more (*muuuuch
> more*) than 2^128 *possibilities* for files
Yes, of course there are.
> -- we know that
> there are at least two of them that produce the same MD5;
Uh uh. You are trying to use the pigeonhole principle (if there are
n+1 pegs for n holes, then one hole must have two pegs in it). That's
an extrapolation from small numbers to large numbers, and also a use of
contradiction in place of construction. You can't make the leap of
faith from "that's impossible" (they can't all be different) to
"therefore this must happen" (two must be the same). You have no basis
on which to make that step except your experience with small finite
Now, there is a "theoretical" constructive proof - it goes "generate all
files, and as each file is generated, compare its md5sum with all those
already created". At each stage iof the construction the domain will be
finite - indeed, exactly as large as we know it should be, and indeed at
one point we will have n+1 pegs (files) and only n holes (md5sums).
Unfortunately this mathematical construction is not physically FEASIBLE
- it would take more energy than we have available locally in this
universe. So the attempted constructive proof fails on physical
grounds. We can't do it.
> the fact that I can find it or not has absolutely nothing
> to do with the falseness of the statement.
Oh yes it does. Sorry - but you are trying to apply your local
knowledge of small finite numerical domains to the universe as a whole,
and you have no way of validating that!
As JH Conway was always saying - always bet on horses at long odds; we
have no meaning for odds that mean "once in a lifetime". What are we
supposed to do? Try several different lifetimes and see if the odds are
> You seem to think that I don't understand large numbers...
> I do. I happen to have done the math for all possible
> permutations when shuffling a deck of cards. Assuming
Oooooh, wowie. I think you mean "arithemetic"!
> that the earth has had 10 billion inhabitants for ten
> millenia, and that all of those are shuffling a deck of
> cards once per second, every second of every day of every
> years of those ten millenia, still you would only get a
> tiny, microscopically minuscule fraction of all possible
> permutations. (still, that does not prove that it is not
> possible that in two separate instances the same permutation
> occurs -- it *IS* possible)
This is not the same thing - you can show me what the draw is you are
trying to achieve. There is no need to engage in a wild statistical
experiment to produce it.
> > No it doesn't. Cease using socratean logic to argue about the infinite.
> No-one has argued about the infinite (well, maybe I did;
> still, it's not necessary to argue about infinite -- *if*
> I did it, it was just a practical/simple way to address the
> > No it isn't. It's correct. There is no way of holding your machine safe
> > from cosmic rays and the like for long enough for it to be able to do
> > the checks involved. You seem to forget that you are part of the
> > physical system!
> A physical system *can* produce two different files with
> the same MD5
Prove it. Show me these two different files with the same MD5 sum.
> -- the fact that it has never (or the fact that
> maybe -- or most likely -- in our lifetimes and the lifetimes
> of the next 200 generations it won't, has nothing to do with
> the fact that it *can*)
No it can't. At odds around that of several atoms in your keyoard
deciding to hop off there right now and gang up and punch you in the
nose all together!
> I mean, I just got a file that has an MD5 7875673498726a7455789234
> (whatever -- I just typed in random keystrokes)... Why, oh why,
> would the universe be so extremely clever to *know* that that
> number from now on is prohibited -- why would each and every
It isn't prohibited. But you can't show me any other file which has
> >>>IF you ever find a pair of files which have the same MD5 sum and the files
> >>>are different, then you will be very very famous, and maybe even rich. But
> >>>buy lottery tickets if you want to be famous and rich. You will have a much
> >>>higher chance.
> >>I know (I'm perfectly aware of both parts of this statement).
> >>That still does not make your statement (or Variant's) correct.
> > Oh yes it does. Try it in court.
> Hahahahahaha!!! Good one!! *YOU* try it in court!!!!!!
What's funny? Truth in court will certainly be of a standard inferior
to the 99.9999999999999999999999999999999999999% chance of being
correct that the statement I made has. In civil court cases I believe
the standard is only 50%!
> > And I am prepared to bet you that each different existing
> > file has a unique md5sum.
> Which, even if you are correct (which in all likelihood
> you are), has nothing to do with the fact that the statement
> is false.
It isn't false. I am quite happy to say so, completely secure in the
knowledge that you cannot provide a counterexample.
> > There are proofs that show that it's impossible that all files that you
> > can ever produce will always have different md5sum. That does NOT mean
> > that there ARE any two such files. Try and get it through your head.
> And who said that there ARE two such files??
> There *can*
> be two such files
What makes you think so? If there CAN be, then what's your problem in
producing them? You don't have any such problem with showing me a very
rare poker draw, do you?
> -- I can not state for sure that there
> are not,
That's true. To prove "not", I would have to show that the universe
would collapse if any such two existed. I don't know the universe well
enugh to be able to prove anything of it!
> and you can not either (to apply your notions of
> proof, if you tell me that it is a fact that there are no
> two files with the same MD5, then you would have to show
> me ALL THE FILES that have ever existed, and show me that
> all the MD5's are different -- since some files are secret
> and you can not access them, then you can not show me all
> the files, and the statement is false, therefore there are
> two files with the same MD5.... How's that?? Seems
> exactly the same as your proofs)
Indeed, you are getting the idea. (for the purpose of this argument) I
only believe in real constructions. Claiming that something is true
because its negation is theoretically impossible does not wash for me.
Show me it! I say.