Re: Non-identical files with identical md5sums on Debian systems?

[Russ Allbery <rra@debian.org>]

Fabian Greffrath <fabian@greffrath.com> writes:

> I do occasionally check for identical files on different systems by
> comparing their md5sums. So, just out of interest, could someone tell me
> (how to find out) how many non-identical files with identical md5sums
> there are there on a typical (say, amd64) Debian system?

Unless you have a collection of MD5 collision attacks, or have installed a
package that includes a sample MD5 collision, the changes are quite good
that the answer is "zero."  MD5 is no longer considered cryptographically
strong, but that doesn't mean it's not a fairly random 128-bit hash.  You
need a *lot* of files before even the birthday paradox will give you much
likelihood of an MD5 collision that wasn't intentionally constructed.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>