SPUG:Re: Appropriateness of MD5

[Jeremy Mates]

* Peter Darley <pdarley at kinesis-cem.com>
> 	My question is this: Is the MD5 digest going to be sensitive enough to
> detect the changes?  The 'key' of the report will likely be ~1000-2000
> characters before digesting, and I'm a bit woried that a 128 bit digest
> won't be unique enough to indicate a change to the 'key'.

Both "a" and 20 gigabytes of data reduce to the same length MD5 digest;
a single character changed in either string will produce a different
checksum.  The length of the document determines how long the checksum
takes to generate on the system in question.

Problems with MD5 can crop up when checksums are being generated for
millions of entries, which increases the odds that two different strings
share the same checksum.  This problem can be reduced by using a digest
algorithm that uses more bits; CPAN has several modules under the Digest
area that offer lower chances of collisions at higher CPU costs.

That being said, MD5 is likely to have a large enough bitspace for
your needs.