Hello, > > Do you think PGP key ID is ABSOLUTELY unique? > To do any transaction would just require signing a generated transaction > request.
Exactly. > ... you could use the complete public key of the > recipient to make the transfer. IMHO this is necessary. > keyid risk is 1 in 2^32 (almost 1 in 4.3 billion, but I suppose it could > be > manipulated) Exactly. > fingerprint risk is 1 in 2^160 (possibly a bit worse than that, not too > sure of all the inner workings) Can't say for sure right now, but I think this is a right estimate. My statement was just as follows: you can't use non-unique numbers (if you know for sure that it is so) for ID's of user accounts in account-based system. Nothing more. Technically speaking you *must not* do so, because they are used as "primary key" in database. Regards. Alexander Fedotov ______________________________________________________ [EMAIL PROTECTED] http://www.indx.ru/eng --- You are currently subscribed to e-gold-list as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
