On Friday 01 August 2003 20:17, Orna Agmon wrote: > On Fri, 1 Aug 2003, Shlomi Fish wrote: > > BTW, how does GnuPG know how to generate a unique key ID? I thought the > > server assigned it a key ID out of its key pool. Surely, if any GPG > > program generates key IDs independetly there will be some collision > > between two specific keys? > > The KEY ID cannot be unique. It can be well distributed, such thatkeys > that vary a little have a very different KEY ID, but since it holds a lot > less information than the actual key, there is no way of it being uniqe. > Bird house principle (? - SHOVACH YONIM).
Which is why you should always verify the fingerprint, which is much more unique. The pub key ID is good only for specifying the key quickly when you intend to veridy it later. -- Dan Armak Matan, Israel Public GPG key: http://dev.gentoo.org/~danarmak/danarmak-gpg-public.key Fingerprint: DD70 DBF9 E3D4 6CB9 2FDD 0069 508D 9143 8D5F 8951
pgp00000.pgp
Description: signature
