* Lindsay Mathieson wrote:
As far as I understand it, it is impossible to guarantee a unique Key ID &
fingerprint, as they are hash's of the key material, which implies the
possibility of a hash collision, highly unlikely maybe, but still possible.
I'd call 2**-128 impossible, and 2**-64 birthday collisions close to impossible.
But 64-bit KeyIDs lead to birthday collisions with about 2**32 keys,
which _will_ happen, and then there's the problem of the user interfaces
(at least on the key servers) only showing the user 32 bits of key instead of 64
(which is not only susceptible to birthday collisions but 0xdeadbeef attacks,
though they're less useful than they used to be.) Keyservers especially
need to be able to cope with duplicates.
At 02:35 PM 10/29/1997 GMT, Lutz Donnerhacke wrote:
That's why my proposal causing this controversy was/is to define it not unique.
Sounds good.
Thanks!
Bill
Bill Stewart, stewarts(_at_)ix(_dot_)netcom(_dot_)com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639