[Cryptography] Clinton email issues

Michael Kjörling michael at kjorling.se
Mon Mar 25 05:02:43 EDT 2019


On 25 Mar 2019 01:48 +0100, from angel at crypto.16bits.net (Ángel):
> Is the fingerprint mb2gk- or mb2gk-6duf5-ygyyl-jny5e-rwshz? If the
> earlier, isn't that a fingerprint too short to be relied on?

Even if it is the longer one, if I'm not mistaken, log2(36^25) ~ 129.
For a birthday attack by a powerful adversary, and where presumably
the attacker can generate numerous keys and possibly somehow
deliberately craft the generated keys in order to get (closer to) a
desired fingerprint, is that really sufficient?

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
  “The most dangerous thought that you can have as a creative person
              is to think you know what you’re doing.” (Bret Victor)


More information about the cryptography mailing list