[Okular-devel] md5 hash for annotation file name

Markus Grabner grabner at icg.tugraz.at
Thu Sep 11 02:54:17 CEST 2008


On Thursday, 11 September 2008, Albert Astals Cid wrote:
> On Thursday, 11 September 2008, Markus Grabner wrote:
> > I don't see any serious security threat by using a weak hash function at
> > this point. All an attacker could do would be to create a modified file
> > for which the same annotations would be displayed as for the file the
> > annotations were initially created for.
> > I like Ivo's proposal to use QCryptographicHash, which supports MD4, MD5,
> > and Sha1, so these are natural candidates.
>
> It's not an attacker, it's you having two files that collide and gets you
> annotations from one to another.
>
Ok, it's a tradeoff between collision probability and speed, I don't see a 
clear winner now. Have MD5 collisions been observed under "normal" conditions 
(i.e., without injecting some binary code into one of the files)?

> > >  *) Reading the whole file sucks, I don't want the 100MB of my pdf file
> > > to be piped through a hash, it'd probably take *some* time
> >
> > Just tried it on my ancient AMD64 2GHz machine and found the following
> > computing times for a 500MB file:
>
> Calling an AMD64 2GHz ancient makes me think what an EeePC is, prehistory?
Do you really want to work with a 500MB file on an EeePC :-?

> > MD4: 1.3 seconds
> > MD5: 2 seconds
> > SHA1: 4 seconds
> > Loading the file from a local hard disk takes considerably longer
>
> How much is that?
24 seconds for the first time, then 11 seconds when the file is cached. It's a 
Seagate ST3300622A SATA drive. So the hash computation overhead is moderate 
on this system.

	Kind regards,
		Markus


-- 
Markus Grabner - Computer Graphics and Vision
Graz University of Technology, Inffeldgasse 16a/II, 8010 Graz, Austria
Phone: +43/316/873-5041, Fax: +43/316/873-5050
WWW: http://www.icg.tugraz.at/Members/grabner
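
The trade-off discussed in this message, as an added example that is not part of the original e-mail and is not Okular's code: a Python sketch that derives an annotation file name from a content hash by streaming the file in chunks, times each algorithm, and computes the birthday bound for accidental (non-adversarial) collisions. Python's `hashlib` stands in for QCryptographicHash; the function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
import time

CHUNK = 1 << 20  # read 1 MiB at a time so memory use is independent of file size


def annotation_key(path, algo="md5"):
    """Hex digest of the file's content, usable as an annotation file name."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def time_algorithms(path, algos=("md5", "sha1")):
    """Seconds needed to hash `path` with each algorithm (file I/O included)."""
    timings = {}
    for algo in algos:
        start = time.perf_counter()
        annotation_key(path, algo)
        timings[algo] = time.perf_counter() - start
    return timings


def accidental_collision_bound(n_files, digest_bits):
    """Birthday bound: upper limit on P(any two of n random digests collide)."""
    return n_files * (n_files - 1) / 2 / 2 ** digest_bits


def demo():
    # Constructed sample documents: two differ in the last byte, one is a copy.
    body = b"%PDF-1.4 sample " * 4096
    samples = {"a.pdf": body + b"A", "b.pdf": body + b"B", "copy_of_a.pdf": body + b"A"}
    keys = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as f:
                f.write(data)
            keys[name] = annotation_key(path)
        return keys, time_algorithms(os.path.join(tmp, "a.pdf"))


if __name__ == "__main__":
    keys, timings = demo()
    print(keys, timings, accidental_collision_bound(10**6, 128))
```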

