Hello,
 
> > Do you think PGP key ID is ABSOLUTELY unique?

> To do any transaction would just require signing a generated
transaction
> request.

Exactly.

> ... you could use the complete public key of the
> recipient to make the transfer.

IMHO this is necessary.

> keyid risk is 1 in 2^32 (almost 1 in 4.3 billion, but I suppose it
could
> be
> manipulated)

Exactly.
 
> fingerprint risk is 1 in 2^160 (possibly a bit worse than that, not
too
> sure of all the inner workings)

Can't say for sure right now, but I think this is a right estimate.

My statement was just as follows: you can't use non-unique numbers (if
you know for sure that it is so) for ID's of user accounts in
account-based system. Nothing more.

Technically speaking you *must not* do so, because they are used as
"primary key" in database.

Regards.                             Alexander Fedotov
______________________________________________________
[EMAIL PROTECTED]                     http://www.indx.ru/eng



---
You are currently subscribed to e-gold-list as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]

Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) 
via the web and shopping cart interfaces to help thwart keystroke loggers and common 
viruses.

Reply via email to