G'day all.
William H. Geiger III wrote:
Well the way I see it we have 2 possabilities for duplicate keyID's:
1) Collision. Does anyone know what the probability of 2 users generating
2 unique keys with the same keyID? If this number is high then perhaps we
should look at either using the fingerprint in the PGP packets or
providing additional info in the packets to provide uniqueness.
It was said in a previous post (can't recall who said it) that 95,000
new keys have been added to the MIT keyserver since 20 May (I assume
this is what was meant by the internationally puzzling incantation
5/20).
A quick calculation (Haskell source available on request) shows that
amongst these 95,000 keys, there is a 65% chance that there is at least
one ID collision. The number of keys required to hit 95% chance of an
ID collision is just over 160,000.
I'd say that certainly constitutes "high". Certainly too high for a
keyserver or large business.
Cheers,
Andrew Bromage