storing keyrings into SQL database?
David Shaw
dshaw@jabberwocky.com
Fri May 23 22:01:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, May 23, 2003 at 01:32:50PM -0500, Ryan Malayter wrote:
> From: Jean-David Beyer [mailto:jdbeyer@exit109.com]
> >A year of days is between 8 and 9 bits, and I think you
> >would need a collection of about 2^4.5 people to have a
> >better-than-50% chance of collision.
>
> Gotta love the old "birthday" paradox... it is the reason why SHA-1 only
> offers 80 bits of effective security (collision resistance), even though
> the hash is 160 bits long. Since a PGP fingerprint is only 80 bits of an
> SHA-1 hash, it offers just 40 bits of collision resistance.
This is not correct. PGP uses all 160 bits of the SHA1 fingerprint,
giving 80 bits of collision resistance.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+zn4h4mZch0nhy8kRAsGCAJ9l7uPErg3oE+4vZ2upEgAl70WqdgCdFC6N
4G3RVP9vq6iAX7Vh/i0TWwE=
=wheK
-----END PGP SIGNATURE-----