[Cryptography] Thoughts about keys

James A. Donald jamesd at echeque.com
Sat Aug 31 23:02:26 EDT 2013

On 2013-09-01 11:16 AM, Jeremy Stanley wrote:
> At free software conferences, where there is heavy community 
> penetration for OpenPGP already, it is common for many of us to bring 
> business cards (or even just slips of paper) with our name, E-mail 
> address and 160-bit key fingerprint. Useful not only for key signing 
> (when accompanied by photo identification), but also simply allows 
> someone to retrieve your key from a public keyserver and confirm the 
> fingerprint matches the one you handed them. 
The average user is disturbed by the sight a 160 bit hash.

When posting graphic images on my blog, I have to name the image twice, 
once when I store it on my website, and once when I reference it in a 
post.   Despite the fact that the names are meaningful and human 
readable, and the total number of images is not unreasonably large, I 
find it quite difficult to enter exactly the same name the same way 
twice.  Much of the time the image mysteriously fails to appear, even 
though I cannot see any typo, the two spellings right in front of me 
look exactly alike.

The end user's instinctive fear of 160 bit hashes is well founded..

More information about the cryptography mailing list