Re: including the entire fingerprint of the issuer in an OpenPGP certification

Avi <avi.wiki@gmail.com> Fri, 21 January 2011 04:19 UTC

Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0L4JM7c088182 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 20 Jan 2011 21:19:22 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0L4JMnH088181; Thu, 20 Jan 2011 21:19:22 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail-ey0-f171.google.com (mail-ey0-f171.google.com [209.85.215.171]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0L4JJoF088176 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=FAIL) for <ietf-openpgp@imc.org>; Thu, 20 Jan 2011 21:19:21 -0700 (MST) (envelope-from avi.wiki@gmail.com)
Received: by eyg5 with SMTP id 5so702091eyg.16 for <ietf-openpgp@imc.org>; Thu, 20 Jan 2011 20:19:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:reply-to:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=Zn9D0l/RRzrZ4hp/w6UZUu5A42p5Poj65pVvaZ7t7g4=; b=ZFQJJ8AsoDQoIvK0o9sN3omD1dBdJfy8FclkXlHmOo+FFme090akfGPbFPE1VA2PRc 07W+Zh/8M/LC2+CgmSfriEcLDDvAAD6b6yIJkxb9VyDmvhl2oD6a2MEJKJUJve8DpH+/ 0CE5wuunYpfS9LCTsUz0V1IjcLYaimGdMvda4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:content-type; b=fOwCrBd943teVesqh2RyBrrlb9lzl9FzL/M154gncjebWZo3ZAgNXqIxoV5Pv/Z31i 9WO18fgMvZl9FKOqf/qXbK9PW9CqXCsNZ5utI7HgVLLx8IlI1mT+Mi2DXDhVPqEG5In8 qk2gonuH/U5kEl7aQ2DF05rdJf+mdlgsA5IJ4=
MIME-Version: 1.0
Received: by 10.213.112.131 with SMTP id w3mr184265ebp.42.1295583557628; Thu, 20 Jan 2011 20:19:17 -0800 (PST)
Received: by 10.213.28.5 with HTTP; Thu, 20 Jan 2011 20:19:16 -0800 (PST)
Reply-To: avi.wiki@gmail.com
In-Reply-To: <20110120225114.GB4981@straylight.ringlet.net>
References: <CFCF61BD-9281-4F09-AD31-C5AAC38315FE@callas.org> <4D354A08.1010206@iang.org> <87lj2isgm8.fsf@vigenere.g10code.de> <58216C60-3DFD-4312-B514-19243ED4220A@callas.org> <4D36010A.30205@fifthhorseman.net> <4D360E46.1080208@epointsystem.org> <4D3615A5.1050700@fifthhorseman.net> <3B73CC58-35BE-460D-8378-4869DB00BA30@callas.org> <4764FF65-D26A-40A2-98F9-53A9857BD41E@callas.org> <AANLkTikKT40F=dG7zmjM+T2SRMm2HDqQrVHT-+nmh_A+@mail.gmail.com> <20110120225114.GB4981@straylight.ringlet.net>
Date: Thu, 20 Jan 2011 23:19:16 -0500
Message-ID: <AANLkTikZ36zieD1WLVt_s+YJpFCK3t-CMujxL-+TeBNN@mail.gmail.com>
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
From: Avi <avi.wiki@gmail.com>
To: Peter Pentchev <roam@ringlet.net>, Jon Callas <jon@callas.org>, IETF OpenPGP Working Group <ietf-openpgp@imc.org>
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I meant actually, as statistically speaking, the probability of
picking any one point from any continuous interval on the real number
line is exactly 0, which is why we deal with probability density
functions over intervals instead of probability mass function at
points. But I think I just got way off topic :)

--Avi

On 1/20/11, Peter Pentchev <roam@ringlet.net> wrote:
> On Thu, Jan 20, 2011 at 11:36:32AM -0500, Avi wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> Even more strongly, there is the difference between "almost
>> never" and "never". Even if there were an infinite number of key
>> id's along the real number continuum, the possibility of a
>> collision is mathematically 0%,
> 	
> ...I believe you mean "practically 0%", since mathematically,
> it is definitely not 0% :)
>
>> but it is still possible. Heck,
>> the possibility of ANY id would be mathematically 0, but each
>> key would still have an ID.
>
> Same here, ITYM "practically" or "virtually" 0 :)
>
>> Here, we are dealing with a discrete distribution, so there
>> /are/ mass points (be they VERY very small) at each ID, so yes,
>> it is 100% certain that eventually, not only will there be a
>> collision, but every key will have a collision.
>
> Theoretically, this is not necessarily true.  It depends a lot on the
> hashing algorithm used - it is completely possible to design a hashing
> algorithm that would produce a certain digest for one input value and
> one input value only - hell, it's trivial to design one based on another
> hashing algorithm: "If the input is 'abcd', produce SHA1('abcd'); else,
> if SHA1(input) == SHA1('abcd'), produce SHA1('abcde'); else, produce the
> same result as SHA1(input)."
>
> I'm pretty much certain that for SHA1 your statement would be true, but
> I'm not certain if it has been proved - greater minds here would
> probably know: has anyone looked into that, and has it been proven that
> there does not exist any sequence of bytes which would have an unique
> SHA1 hash, that is, against which it is impossible to do a preimage
> attack?
>
>> It may be
>> though, that the waiting time may be longer than the heat death
>> of the universe for the latter, so we don't have to worry about
>> that too much :).
>
> G'luck,
> Peter
>
> --
> Peter Pentchev	roam@ringlet.net roam@FreeBSD.org peter@packetscale.com
> PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
> Hey, out there - is it *you* reading me, or is it someone else?
>

-- 
Sent from my mobile device

----
User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) <avi.wiki@gmail.com>
   Primary key fingerprint: 167C 063F 7981 A1F6 71EC  ABAA 0D62 B019 F80E 29F9