![]() ![]() SHA-512 has an output value of 512 bits that can distinguish between any two files that are up to 64 bytes in size MD5 has an output value of 128 bits that can distinguish between any two files that are up to 16 bytes in size Please explain why you would believe that. That is a risk I am happy to take - I do not even have 4 billion files with different namesĪgain, it's not just as simple as the theoretical mathematics. Then on average one file may have been deleted even though the content was different. To finish off by computing checksums to ensure the contents also match.Ī CRC32 error rate of one in 4,294,967,296 means that after deleting 4,294,967,296 "duplicate" files, ![]() It can only be sensible to look for matching file names and sizes,Īnd then as suggested in this topic title, If you really want to avoid malicious 'cleverness' you need SHA-256 or better,Īnd it would be infinitely preferable to validate a download BEFORE it ever gets moved into your system for use before CCleaner ever gets around to accessing it. I totally disagree with recommending MD5 for protection against malicious 'cleverness', because some years ago it was being cracked, see for example. I totally disagree with your conclusions as applied to this particular application. I think having a (reliable) duplicate file finder built right into CCleaner is an excellent thing, but at the moment it just isn't. I'm sorry if I'm sounding overly critical/negative. ![]() You need to use a proper hashing algorithm, such as MDx or SHA-x. It's not an issue of mathematics, it's an issue of maliciousness (and fundamentally design). Not even CRC32, this is simply not suitable. It's just these sorts of suspicious files you might want to verify. I've seen on numerous occasions, through either malicious 'cleverness' or simply quirks of design, DISTINCT files that share the same CRC32 but clearly not the same MD5/SHA-1. To have an even half way proper duplicate file finder, the mechanism for identifying such files MUST be some sort of hashing algorithm *as a CRC32, this is simply not suitable. I completely agree with Keatah and 4NTFan.Īs a long time fan of CCleaner I was excited to see this new feature added, but in its current implementation it's beyond useless. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |