On 05/07/2009 11:45 AM, David Shaw wrote:
On May 5, 2009, at 2:13 AM, Daniel A. Nagy wrote:
David Shaw wrote:
* Must be human-readable
* Needs to be small to be useful
* Can collide to some small amount (4880 even documents that they
collide in section 12.2)
That's not the fingerprint. That's the key ID.
A nit, but that really is the fingerprint.
The important items here are 1 and 2, which both apply to a fingerprint.
Humans need to be able to cognitively compare fingerprints, so they
must be both human-readable and small enough to wade through.
As for collisions, 32-bit key ids don't collide "to some small amount".
They have *massive* collisions because of the small output space. It
takes a few hours of compute time on a single modern desktop machine to
generate 32-bit keyID collisions against every single key in the public
WoT. 64-bit keyids are better, but still nowhere near the collision
resistance we should be expecting from tools we expect humans to use to
keyIDs are useful as pointers, but are not at all useful for
Description: OpenPGP digital signature