[pbs-devel] [PATCH proxmox-backup 0/7] add, persist and check key fingerprint
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Nov 18 09:27:31 CET 2020
On November 18, 2020 7:47 am, Thomas Lamprecht wrote:
> On 18.11.20 06:47, Dietmar Maurer wrote:
>>> On 11/18/2020 6:27 AM Dietmar Maurer <dietmar at proxmox.com> wrote:
>>>
>>>
>>> Do we really need/want a 256bit long fingerprint?
>>>
>>> I thought 64bit (or maybe 32bit) would be large enough?
>>> If not, why does it have to be that large?
>>
>> some quick math:
>>
>> max keys a user generates in his life: 1024 (2¹⁰)
>>
>> so the likelihood of a 32bit fingerprint clash is
>>
>> W = 1/2²² (1/4 million)
>>
>> which is, unlikely, but possible.
>>
>> But with 64bit it is extremely unlikely (1/2⁵⁴).
>
> From a pure user experience I think it could be better to present 8 bytes of fingerprint
> information - as the nerves/stress ratio is probably not too good at times where this is
> required.
>
> 8 byte: "90:A1:CA:44:BE:0B:D4:1C"
>
> vs.
>
> 32 byte: "90:A1:CA:44:BE:0B:D4:1C:F7:D9:F5:2F:7C:92:DB:69:B2:2A:AF:6A:1C:7A:DB:0C:03:93:3E:EA:95:EC:26:92"
>
> I mean, after all, this is rather informal and even if there would be an unlikely
> collision it does not actually compromise security in any way I can think of.

I'd be fine with that, although I think we should probably mention
somewhere why we think it's fine to use a truncated hash here:

- the actual verification happens via the signature of the manifest
- we are talking about your own keys, not keys of other parties that you
  need to verify via a fingerprint (which is an entirely different
  problem)
- the fingerprint is just used as an automatically/mathematically
  generated 'name' of the key

Should we switch it altogether, or just truncate it on display? IMHO for
Qemu I'd like to keep the full digest/fingerprint, since there a
skipped collision means corrupt backups, not running into the next
error and bailing out..
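
Added example, not part of the original thread and not proxmox-backup code: a sketch of the "truncate on display, compare in full" option discussed above, with the clash odds for 1024 keys at 32 and 64 bits. It assumes the fingerprint is a SHA-256 digest of the key bytes; all function names are hypothetical, and the birthday estimate goes slightly beyond the figures quoted in the thread.

```python
import hashlib
import math

# Fingerprint strings quoted in the thread.
FULL = ("90:A1:CA:44:BE:0B:D4:1C:F7:D9:F5:2F:7C:92:DB:69:"
        "B2:2A:AF:6A:1C:7A:DB:0C:03:93:3E:EA:95:EC:26:92")
SHORT = "90:A1:CA:44:BE:0B:D4:1C"


def fingerprint(key_material: bytes) -> bytes:
    """Assumption: the fingerprint is SHA-256 over the raw key bytes."""
    return hashlib.sha256(key_material).digest()


def parse(text: str) -> bytes:
    """Turn a colon-separated hex fingerprint back into bytes."""
    return bytes.fromhex(text.replace(":", ""))


def display(digest: bytes, n_bytes: int = 8) -> str:
    """Short form for humans: first n_bytes as colon-separated upper-case hex."""
    return ":".join(f"{b:02X}" for b in digest[:n_bytes])


def p_new_key_clash(existing: int, bits: int) -> float:
    """Approximate chance that one new fingerprint equals one of `existing` others."""
    return existing / 2 ** bits


def p_any_clash(keys: int, bits: int) -> float:
    """Birthday approximation: chance that any two of `keys` fingerprints coincide."""
    return -math.expm1(-keys * (keys - 1) / 2 ** (bits + 1))


# Constructed digest: same first 31 bytes as FULL, different last byte.
OTHER = parse(FULL)[:-1] + b"\x00"

if __name__ == "__main__":
    for bits in (32, 64, 256):
        print(f"{bits:3d} bit: new-key clash {p_new_key_clash(1024, bits):.3e}, "
              f"any pair {p_any_clash(1024, bits):.3e}")
    # Same short form on screen, but a full-digest comparison still tells them apart.
    print(display(parse(FULL)) == display(OTHER), parse(FULL) == OTHER)
```
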