gpgme 0.3.3 questions

Werner Koch wk at
Fri Sep 21 12:07:01 CEST 2001

On Fri, 21 Sep 2001 10:31:10 +0200 (CEST), Rick van Rein said:

> Although it is generally assumed that human fingerprints are unique, there
> is no way of knowing this for sure. There is no central database anywhere

As reported by Anderson, Lambourne says in The Fingerprint Story, that
chances for a false match are about 1 in 2^33.

> So, NEVER NEVER NEVER use a fingerprint as an identity, or assume it is
> unique. But ANYTIME assume that a comparison of fingerprints is as good a

I can't agree with that big never.

A fingerprint is the best identity you can have.  On average you need 2^80
fingerprints to have one duplicate and when establishing indentity
such a birthday attack is not suitable.  So chances to get a false one
are much smaller.

About everything in cryptography is about probability, so it does not
make sense to try to do something "exact" in one part of the system.


Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

More information about the Gnupg-devel mailing list