What are fingerprints?

Peter Schuller scode@scode.webprovider.com
Sun, 12 Dec 1999 16:18:18 +0100

> fingerprints are something like a hash value of a key: A short, unique
> number. It is intended to use a fingerprint to verify that the key
> belongs to the user given in the Key ID: If you can communicate over a
> secure line, e.g., via phone, you may compare the fingerprints of the
> key. Other possibility: The public key of a newspaper publisher: It may
> be printed in the newspaper, and you can simply check whether the public
> key from the keyserver is the correct one comparing the
> fingerprints. (You don't want to check the whole key, even if it is
> printed out :-))
I've always wondered: how on earth can they be unique? Yes, a hashing algorithm can make the hashes *almost* unique, but how can it be guaranteed that no two keys have the same fingerprint? It must be impossible, since there is no communication with a central server during key generation. Yet, in various documents on PGP, it is always stated that the fingerprints are indeed unique.
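
Added example, not part of the original message or of any PGP implementation: it computes a fingerprint as a fixed-length hash of key material and shows how the chance of two keys sharing one depends on the digest length. It assumes the OpenPGP v4 construction from RFC 4880 (SHA-1, 160 bits), which the thread does not specify; the function names and input strings are constructed for illustration.

```python
import hashlib
import math

def v4_fingerprint(packet_body: bytes) -> str:
    """Assumed format (RFC 4880, v4 keys): SHA-1 over 0x99, a two-octet
    big-endian length, then the public-key packet body."""
    if len(packet_body) > 0xFFFF:
        raise ValueError("packet body too long for a two-octet length")
    framed = b"\x99" + len(packet_body).to_bytes(2, "big") + packet_body
    return hashlib.sha1(framed).hexdigest().upper()

def collision_probability(n_keys: int, bits: int) -> float:
    """Birthday approximation: chance that any two of n_keys independently
    generated keys share a fingerprint of the given bit length."""
    if n_keys < 2:
        return 0.0
    return -math.expm1(-n_keys * (n_keys - 1) / 2.0 ** (bits + 1))

def inputs_until_collision(bits: int) -> int:
    """Truncate fingerprints to `bits` bits and count constructed inputs
    hashed until two collide. Pigeonhole bounds this by 2**bits + 1."""
    seen = set()
    for i in range(2 ** bits + 1):
        body = b"constructed-key-material-%d" % i  # not a real key
        short = int(v4_fingerprint(body), 16) >> (160 - bits)
        if short in seen:
            return i + 1
        seen.add(short)
    raise AssertionError("unreachable: pigeonhole principle")

if __name__ == "__main__":
    print(v4_fingerprint(b"constructed-key-material-0"))
    for bits in (8, 16, 24):
        print(bits, "bits: collision after", inputs_until_collision(bits), "inputs")
    print("1e9 keys, 160 bits:", collision_probability(10**9, 160))
```

Uniqueness here is statistical rather than guaranteed: collisions must exist for any fixed-length digest, but at 160 bits the probability among independently generated keys is negligible.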