Eric Rescorla <[EMAIL PROTECTED]> writes:

>In particular, Verisign's is very long and I seem to remember someone telling
>me it was a hach but I don't recall the details...

It's just a SHA-1 hash. Many CAs use this to make traffic analysis of how many (or few) certificates they're issuing impossible. An additional motivation for use by Verisign was to avoid certs with low serial numbers having special significance. While there are a few CAs that follow the monotonically-increasing-integers scheme that certs were originally intended to have (and all manner of other weirdness, 32-bit integer IDs of unknown origin seem to be popular in the "other" category), most seem to use a binary blob of varying length.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
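
An added example, not part of the original post: it contrasts counter-style serial numbers, where the difference between two observed serials reveals how many certificates were issued in between, with serials taken from a SHA-1 digest, and shows why the latter look "very long" once DER-encoded. What the CA feeds into the hash is not stated in the post; the record bytes used here are a constructed assumption.

```python
import hashlib


def der_integer(n: int) -> bytes:
    """DER-encode a non-negative INTEGER (tag 0x02), the type of serialNumber."""
    if n < 0:
        raise ValueError("this sketch only handles non-negative serials")
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        # High bit set: DER needs a leading 0x00 so the value stays positive.
        body = b"\x00" + body
    if len(body) >= 0x80:
        raise ValueError("long-form lengths are not needed for serials")
    return bytes([0x02, len(body)]) + body


def hashed_serial(record: bytes) -> int:
    """Serial taken from a SHA-1 digest (input is an assumption, see lead-in)."""
    return int.from_bytes(hashlib.sha1(record).digest(), "big")


def issued_between(serial_a: int, serial_b: int) -> int:
    """What an observer infers from two serials if the CA uses a counter."""
    return abs(serial_b - serial_a)


# Constructed sample: two certificates observed from the same CA.
COUNTER_SERIALS = [1000, 1250]
HASHED_SERIALS = [hashed_serial(b"constructed-record-%d" % n)
                  for n in COUNTER_SERIALS]

if __name__ == "__main__":
    print("counter scheme leaks issuance count:",
          issued_between(*COUNTER_SERIALS))
    print("same arithmetic on hashed serials is meaningless:",
          issued_between(*HASHED_SERIALS))
    for s in COUNTER_SERIALS + HASHED_SERIALS:
        enc = der_integer(s)
        print(len(enc), "bytes:", enc.hex())
```

The SHA-1 serials encode to at most 23 bytes (tag, length, optional 0x00 pad, 20 digest bytes), against 4 bytes for the counter values.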