What are the chances that two messages have the same MD5 digest and the same SHA1 digest?

Question

Given two different messages, A and B (maybe 20-80 characters of text, if size matters at all), what is the probability that the MD5 digest of A is the same as the MD5 digest of

Answer 1

The chosen answer is incorrect because it uses the wrong probabilities. I spent a good portion of today researching this (you can sorta see my thought process in the comments to that answer), and believe the actual answer is the following (for birthday attack of slightly larger messages than the ones you're talking about):

2^-61 * 2^-18 = a collision in once in 2^79.

And that's if it's OK to just multiply these probabilities (I'm unsure of that).

This is doable (less than a couple months and dropping every year) by super computers today.

Note that this is based on sufficiently large pools of messages (to make the birthday paradox meaningful). This is also the scenario you said you were concerned about.

Now, a different situation is finding a collision for a pair of hashes (SHA1 and MD5) of a specific message. This takes you out of bday paradox territory and is orders of magnitude more difficult. I'm not sure if that is 2^(-61*2)*2^(-18*2) or something else. If anyone knows what that is, please post a comment to this answer (would be super appreciated!).

Now you ask:

Given two different messages, A and B (maybe 20-80 characters of text, if size matters at all)

Yes, size does matter. Click the link to the 2^-18 figure and you'll see that value is for two input blocks. In MD5, an input block is 512 bytes. 20-80 characters of text is too small for that, and the single-block value is 2^41.

Thus, for that amount of data, you get 2^-61 (I think) * 2^-41 = 2^-102.

So for that size it seems safe (link contains figure of twice current bitcoin hashrate of SHA256: 46626.93 TH/sec).