storing keyrings into SQL database?

Ryan Malayter rmalayter@bai.org
Fri May 23 20:32:02 2003


From: Jean-David Beyer [mailto:jdbeyer@exit109.com]=20
>A year of days is between 8 and 9 bits, and I think you=20
>would need a collection of about 2^4.5 people to have a=20
>better-than-50% chance of collision.

Gotta love the old "birthday" paradox... it is the reason why SHA-1 only
offers 80 bits of effective security (collision resistance), even though
the hash is 160 bits long. Since a PGP fingerprint is only 80 bits of an
SHA-1 hash, it offers just 40 bits of collision resistance.

Of course, 2^40 PGP keys is an awful lot, so using the fingerprint as a
temp file name will work in practice on any conceivable system. (Even a
web PGP mail server with a million (2^20) simultaneous users would only
have about a 1 in a million (2^20) chance of a collision.)