diff --git a/NewCaps/WhatCouldGoWrong.md b/NewCaps/WhatCouldGoWrong.md
index 699e59c..889077b 100644
--- a/NewCaps/WhatCouldGoWrong.md
+++ b/NewCaps/WhatCouldGoWrong.md
@@ -29,7 +29,7 @@ where *k* = bitlength(*K1*), *r* = bitlength(*R*), *s* = bitlength(*S*), *t* = b
 
 3. *undeletion*: attacker makes a deleted file (for which it need not have had a read cap) accessible at its previous storage index, and readable by previous read caps
 
-4. See the probability table at <http://en.wikipedia.org/wiki/Birthday_Paradox> , for hash length *s*+*t*.
+4. See the probability table at <http://en.wikipedia.org/wiki/Birthday_Paradox> . The effective hash length is approximately min(*s*,*r*)+*t* bits.
 
 5. Brute force costs assume a single-target attack that is expected to succeed with high probability. Costs will be lower for attacking multiple targets or for a lower success probability. (Should we give explicit formulae for this?)