IETF Logo Mail Archive

Re: [openpgp] Fingerprints and their collisions resistance

Jon Callas <jon@callas.org> Sat, 05 January 2013 20:00 UTC

Return-Path: <jon@callas.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5662F21F84BC for <openpgp@ietfa.amsl.com>; Sat, 5 Jan 2013 12:00:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jEAz-yAz+MRm for <openpgp@ietfa.amsl.com>; Sat, 5 Jan 2013 12:00:19 -0800 (PST)
Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id D380821F84DA for <openpgp@ietf.org>; Sat, 5 Jan 2013 12:00:19 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id 349CD1894BFB for <openpgp@ietf.org>; Sat, 5 Jan 2013 12:00:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at merrymeet.com
Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iKCFliU7zscS for <openpgp@ietf.org>; Sat, 5 Jan 2013 12:00:16 -0800 (PST)
Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id C5E541894BEF for <openpgp@ietf.org>; Sat, 5 Jan 2013 12:00:15 -0800 (PST)
Received: from [10.0.23.28] ([173.164.244.98]) by keys.merrymeet.com (PGP Universal service); Sat, 05 Jan 2013 12:00:16 -0800
X-PGP-Universal: processed; by keys.merrymeet.com on Sat, 05 Jan 2013 12:00:16 -0800
Mime-Version: 1.0 (Apple Message framework v1283)
From: Jon Callas <jon@callas.org>
In-Reply-To: <50E66A34.8080702@brainhub.org>
Date: Sat, 05 Jan 2013 12:00:16 -0800
Message-Id: <479BF7E1-2EC3-483D-B999-40E7C14E5AA9@callas.org>
References: <50E530D6.6020609@brainhub.org> <50E5494E.6090905@iang.org> <50E60748.3040103@brainhub.org> <50E60F7A.8000001@fifthhorseman.net> <50E61BF7.4020905@brainhub.org> <50E65A28.1070501@fifthhorseman.net> <50E66A34.8080702@brainhub.org>
To: openpgp@ietf.org
X-Mailer: Apple Mail (2.1283)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [openpgp] Fingerprints and their collisions resistance
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Jan 2013 20:00:20 -0000

I think that along with just parameterizing a fingerprint, it's best not to assume that they are unique. Obviously, there are a few places where we assume they are, and those are the flies in that particular ointment (for example, designated revokers). But that's not hard to deal with. It's not (in general) exposed to humans, so you can make it be a hash as long as you want.

For human use, any reasonable hash function will do, and that even includes SHA-1. (While it has been estimated that one can construct a collision with 2^51 work, that's not the same as constructing a second-preimage collision.) For any crypto operation, a fingerprint collision isn't going to lead to crypto interoperability -- and this is why the 64-bit key id isn't a problem.

	Jon

v2.23.0 | Report a Bug | By Email