On Wed, Oct 16, 2013 at 6:21 AM, Pieter Hintjens <[email protected]> wrote: > - a more secure hash, which we must truncate to fit the use case, e.g. > first 6 bytes of SHA512 hash
6 bytes does not provide a sufficient security margin for key verification. This is still well within the realm of a brute force search. PGP key IDs are not intended for the purposes of securely authenticating keys. They are intended for a more Git-like purpose: telling a small set of local keys apart. You should still provide a secure digest for authenticating public keys. -- Tony Arcieri _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
