[Top] [All Lists]

Re: [openpgp] Fingerprints and their collisions resistance

2013-01-06 00:19:40
On 01/05/2013 11:38 AM, ianG wrote:
Although see & 5.5.2 for interesting comments.  Let's ask for
consensus on this point:

   Are fingerprints cryptographically secure?

   Or are they convenient human introduction handles?

I can live with the interpretation of RFC 4880 that implies that fingerprints are not cryptographically secure.

IMO, however, it would be beneficial if they were secure at the birthday boundary size.

I know that there were suggestions by multiple people to store complete keys. The problems are: * keys are volatile; as a developer I want, at least internally in my software, a method to ID the key material; key material is often reused and traverses X.509 and OpenPGP world * it's a convenience when the ID is of fixed size (think about database tables, software memory allocations, etc)

There is an objective need to ID the key material with a hash. I think at the very least we should spec the algorithm in an e-mail on this list. It would even be better if this algorithm was supported across applications, so that the IDs are portable.

openpgp mailing list

<Prev in Thread] Current Thread [Next in Thread>