[pbs-devel] [PATCH proxmox-backup 0/7] add, persist and check key fingerprint
Thomas Lamprecht
t.lamprecht at proxmox.com
Wed Nov 18 07:47:13 CET 2020
On 18.11.20 06:47, Dietmar Maurer wrote:
>> On 11/18/2020 6:27 AM Dietmar Maurer <dietmar at proxmox.com> wrote:
>>
>>
>> Do we really need/want a 256bit long fingerprint?
>>
>> I thought 64bit (or maybe 32bit) would be large enough?
>> If not, why does it have to be that large?
>
> some quick math:
>
> max keys a user generates in his life: 1024 (2¹⁰)
>
> so the likelihood of a 32bit fingerprint clash is
>
> W = 1/2²² (1/4 million)
>
> which is, unlikely, but possible.
>
> But with 64bit it is extremely unlikely (1/2⁵⁴).

From a pure user experience I think it could be better to present 8 bytes of fingerprint
information - as the nerves/stress ratio is probably not too good at times where this is
required.

8 byte: "90:A1:CA:44:BE:0B:D4:1C"
vs.
32 byte: "90:A1:CA:44:BE:0B:D4:1C:F7:D9:F5:2F:7C:92:DB:69:B2:2A:AF:6A:1C:7A:DB:0C:03:93:3E:EA:95:EC:26:92"

I mean, after all, this is rather informal and even if there would be an unlikely
collision it does not actually compromise security in any way I can think of.