Fingerprint security (was Re: storing keyrings into SQL database?)
David Shaw
dshaw@jabberwocky.com
Fri May 23 05:56:03 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, May 22, 2003 at 07:35:18PM -0700, Joseph Bruni wrote:

> Has anyone ever calculated the odds of a fingerprint collision?
> Sometimes it's kind of nice to know just for perspective.

A natural collision? Very, very unlikely. V4 keys use SHA1 to
fingerprint, and the effective size of that hash due to the birthday
paradox is 80 bits.

V3/PGP 2.x keys are a different story altogether. There is a weakness
in the key format that means you can play fingerprint games with
fairly little effort. You can fake a keyid easily as well, but V3
fingerprints are not secure either. This isn't an MD5 hash issue
(though MD5 has issues): it is a flaw in the fingerprinting
specification.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+zZwS4mZch0nhy8kRAnzjAJsEvyJoEo5mA3BXuHSyhkCX/210bACg5QXN
9HAuVTX1VCZqDVKMGuNc7fI=
=MSI9
-----END PGP SIGNATURE-----
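
The birthday arithmetic behind the "80 bits" figure in the message above, as an added example that is not part of the original post. The function names and the constructed inputs are illustrative; the 64-bit and 32-bit rows assume the long and short key IDs are truncations of the V4 fingerprint, and the last function checks the square-root behaviour empirically on a SHA-1 digest truncated to a few bits.

```python
import hashlib
import math


def collision_probability(n_keys, bits):
    """Birthday approximation: P ~= 1 - exp(-n(n-1) / 2^(bits+1)).

    expm1 keeps precision when the probability is far below float epsilon.
    """
    return -math.expm1(-n_keys * (n_keys - 1) / 2.0 ** (bits + 1))


def keys_for_probability(p, bits):
    """Population size at which a natural collision has probability p."""
    return math.sqrt(2.0 ** (bits + 1) * -math.log1p(-p))


def first_truncated_collision(bits):
    """Count constructed inputs hashed until two share the top `bits` of SHA-1."""
    seen = set()
    count = 0
    while True:
        digest = hashlib.sha1(b"constructed-key-%d" % count).digest()
        value = int.from_bytes(digest, "big") >> (160 - bits)
        count += 1
        if value in seen:
            return count
        seen.add(value)


if __name__ == "__main__":
    population = 10 ** 9  # constructed figure: one billion keys in existence
    widths = (("V4 fingerprint (SHA-1)", 160),
              ("long key ID (assumed 64-bit truncation)", 64),
              ("short key ID (assumed 32-bit truncation)", 32))
    for label, bits in widths:
        p = collision_probability(population, bits)
        half = keys_for_probability(0.5, bits)
        print(f"{label}: P(collision among 1e9 keys) = {p:.3g}, "
              f"50% point = 2^{math.log2(half):.1f} keys")
    # Empirical check: a 16-bit truncation should collide after roughly
    # 2^8 inputs, far fewer than the 2^16 possible values.
    print("16-bit truncation collided after",
          first_truncated_collision(16), "inputs")
```
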