This article is rated Start-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||
|
I think the article currently not very useful – it shows an example of a fingerprint (random 160-bit number in hex), and then how one extracts the last 32 bits. Next it discusses the collision frequencies which is already covered by the birthday paradox article. As very short fingerprints, such as ones of 32 bits, are usually not assumed to be unique, I don't see how this is relevant. If nobody opposes, I would remove these. -- intgr 11:54, 19 November 2006 (UTC)
1) Is it correct to say that 32-bit identifiers are "public key fingerprints"? PGP has short 32-bit identifiers, but it only calls them "Key IDs", and reserves the term "fingerprint" for the full-length identifiers. I believe I've only seen the term "fingerprint" used in this way, to refer to values which are a cryptographically-secure one-way-function of a public key.
2) The "Security of fingerprints" section seems wrong. The first sentences make the argument that an attacker who can "break" a hash function will only be able to find pre-images of a specific form, and the attacker will find it difficult to produce public-keys of specific forms for which he knows the private key.
However, neither of these seem good assumptions - without looking at a particular break, you can't a priori say what limitations the attacker will have on finding pre-images: he may be quite constrained, or he may not be.
Furthermore, public-key algorithms often provide attackers a fair degree of lattitude in choosing the bit-fields of public keys. For example, in RSA, an attacker who chooses a fixed N=p*q can calculate the private-key for any e. Diddling e could be used to exploit hash-function weaknesses, or to speed up brute-force preimage attacks.
Since it's best to be conservative in discussing security, I think this section could be made much shorter, simpler, and more correct by simply stating that, in general, the security of a fingerprint *does* rely on the preimage-resistance of the hash function.
Trevp 20:56, 18 December 2006 (UTC) —
(Intgr, I'm tempted to rewrite the article. Let me know what you think of below (still needs plenty of cleanup, references, etc.))
I read an article online where the footer says "[the journalist's] secure PGP fingerprint is C81B B2EF E872 GV22 4EDA DABB 50E6 F2BE 1164 XXXX" (altered). I came here to find out what it means. After reading this article, I do not have the remotest idea how to relate the journalist's PCP fingerprint with what you all wrote in this WP article. Is there no way to make the article more accessible to us dumb bunnies, uninitiated into the arcane world of cryptography? Thank you for your time, Wordreader ( talk) 08:35, 21 August 2016 (UTC)