What are fingerprints?
Sun, 12 Dec 1999 11:26:05 -0700
On Sun, Dec 12, 1999 at 04:18:18PM +0100, Peter Schuller elucidated:
> I've always wondered: how on earth can they be unique? Yes, a hashing
> algorithm can make the hashes *almost* unique, but how can it be guaranteed
> that no two keys have the same finger print? It must be impossible, since
> there is no communication with a central server during key generation. Yet,
> invarious documents on PGP, it is always stated that they finger prints are
> indeed unique.
There is no way to guarantee they are unique. Once they are significantly
larger than the key ID, then there is less chance that there will be a
duplicate fingerprint (I don't know what the probabilities are, but I
imagine that they are relatively small). Only the whole key is unique (unless
someone uses your id and pass phrase to make another). The fingerprint
is a convenience, it is simpler for the user to check a whole key. If meet
someone or are talking to them on the phone, and you are fairly confident who
are talking to is who they say they are, then if you have them read their
fingerprint, you can have a relatively high degree of confidence that you
are using the correct key. Obviously if there is a fingerprint match, or you
want to be absolutely sure, then you'll want to check the entire key.
Dale Harris <firstname.lastname@example.org> GPG key: 372FBD57 http://www.maybe.org/
Maybe is an Ambivalent Yet Beguiling Enigma