# Using the OTR plugin with Pidgin for verifying GPG public key fingerprints

Ingo Klöcker kloecker at kde.org
Sat Mar 13 13:51:47 CET 2010

```On Saturday 13 March 2010, erythrocyte wrote:
> On Sat, Mar 13, 2010 at 1:14 PM, Robert J. Hansen
<rjh at sixdemonbag.org>wrote:
> > Even then — so what?  Let's say the Type II rate is 25%.  That's a
> > very high Type II rate; most people would think that failing to
> > recognize one set of fake IDs per four is a really bad error rate.
> >  Yet, if you're at a keysigning party where there are five people
> > independently applying a 25%-faulty test, the likelihood of
> > accepting a fake ID is under 1%.
>
> It really depends on how you're calculating combined probability. If
> you take an example of 4 individuals at a keysigning party,
>
> The combined probability that all individuals would accept a fake ID
> would be 1/4 * 1/4 * 1/4 * 1/4 = 0.00390625 .
>
> However, the combined probability that at least one of the encounters
> would result in accepting a fake ID would be 1/4 + 1/4 + 1/4 + 1/4
> = 1 .
>
> Please do correct me if I've made a mistake. I'm not a math guru by
> any means.

Sorry, but your calculation is wrong. If the calculation was correct
then with 5 encounters the probability would be 1.25 which is an
impossibility. Probability is never negative and never > 1. (People say
all the time that they are 110 % sure that something will happen, but
mathematically that's complete nonsense.)

The probability that the fake ID is rejected by all individuals is
(1 - 1/4)^4.
Consequently, the probability that the fake ID is not rejected by all
individuals (i.e. it is accepted at least by one individual) is
1 - (1 - 1/4)^4.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20100313/eb3379f8/attachment-0001.pgp>
```