Using the OTR plugin with Pidgin for verifying GPG public key fingerprints

Robert J. Hansen rjh at
Sat Mar 13 17:34:28 CET 2010

On Mar 13, 2010, at 7:08 AM, erythrocyte wrote:
> However, the combined probability that at least one of the encounters would result in accepting a fake ID would be 1/4 + 1/4 + 1/4 + 1/4  = 1 . 

99.6%; a little different.  The binomial theorem gives us the correct numbers.

0 failures: 31.6%
1 failure: 42.2%
2 failures: 21.1%
3 failures: 4.7%
4 failures: 0.4%

Anyway.  This handwaves the fact that 99.6% of the time, someone at the keysigning party will say, "hey, that's weird!" and show it to everyone else at the keysigning party.  Even if your very high Type II error rate is correct, then assuming there's not some deep systemic reason for the failure (i.e., all trials are independent), you still have nothing to worry about.  You can have a test that immigration officials screw up 25% of the time, and still have it be perfectly suitable for a keysigning party.

More information about the Gnupg-users mailing list