> These are all cryptographic hash functions: too strong for a preliminary > test, insufficient for absolute certainty. where do you get that these are "insufficient for absolute certainty"? (beside maybe md4) there are no known collisions in sha1 and better, and even md4's preimage attack has complexity 2^102. [1,2] OTOH harddrive manufacturers state MTBF of around 500'000 h, and that's just a fraction of the error sources you have. HDDs read at around 150 MB/s, so in those 500'000h they read: 5e5 h*3600 s/h*150e6 B/s *8 b/B = 2.16e18 = 2^55 - so from that you have 2^47 higher probability of random errors over the worst algorithm's failure. That's probably around the number of bits of your personal storage. Stated differently: until hash functions flip one bit of your storage wrong, storage itself has eaten it all. of course, those estimates are off the real (unknown) numbers, you probably have unknown attacks on any hash, which may be far better than 2^102. But how many of 1960s harddrives and computer around it are still running and have produced only one wrong bit in their lifetime? MTBFs are far off too.
Attachment:
signature.asc
Description: OpenPGP digital signature