From: Hadmut Danisch <hadmut(_at_)danisch(_dot_)de>

> In other words: How much can messages differ to still get the same
> hash and what's the minimum difference that guarantees a different
> hash?

It doesn't matter.

ANY checksum scheme can be defeated, and usually very easily (unless
the checksum is useless for practical message distinction.) It's
trivial to create N messages with arbitrarily-large Hamming (or
"spamming") distance. Even without knowing the details of the
checksum algorithm, a few simple black-box experiments will probably
reveal its weakness. If you know the algorithm, it's even easier.

That doesn't mean checksums are useless; on the contrary. It is a
worthwhile cause to block spam from unsophisticated spammers. Just
because we know we'll never completely stop determined spammers, it
doesn't mean we should give up on the low-hanging fruit.

The best we can hope for is to increase the hassle of spamming. Every
extra hoop a spammer has to jump through means a certain percentage of
spammers will simply give up (or else fail because of lack of
hoop-jumping.)

--
David.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg