[Top] [All Lists]

Re: SHA-1 broken

2005-02-17 15:06:45

My feeling is that a key fingerprint is the *least* of the things that are in danger from a SHA-1 break.

A key fingerprint is little more than a hash of the key material, the creation time, and a few constants. There's very little place in there to manufacture a collision. Fingerprints need little more than one-way-ness.

Furthermore, it is imperative that a fingerprint be short. The whole reason for having them is that they are short. All the things you want a fingerprint for require it being short. Twenty bytes is plenty long enough for one. Otherwise just get rid of the fingerprint and just write down the key.


<Prev in Thread] Current Thread [Next in Thread>