[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP Keyserver Synchronization Protocol



-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 23 Jun 1999, Werner Koch wrote:

> Tony Mione <mione@hardees.Rutgers.EDU> writes:
> 
> > Any reason for MD5? I understand the SHA-1 is longer. However, it is
> > thought to be a stronger hash the MD5 at this time. 
> 
> Yes it is longer and therefore increasing the amount of bytes to
> exchange.  I can't see a reason for a cryptographic strong hash algorithm
> here - it is merely used as a checksum.  MD5 is good enough for this.
> 

Ok,

	It just seems that normal CRCs are more likely to have collisions
(since they are generally much smaller (32 bits, etc). If you are going
through the trouble of putting in MD5, the 4 extra bytes for SHA-1 should
not be a tremendous burdon. If you are working with a keyserver holding
100,000 keys, you add 400K which is hardly more than a fraction of a second
to transfer with today's network technologies. 

> 
> -- 
> Werner Koch at guug.de           www.gnupg.org           keyid 621CC013
> 
> 

Tony Mione, RUCS/TD, Rutgers University, Hill 055, Piscataway,NJ - 732-445-0650
mione@noc.rutgers.edu                        W3: http://noc.rutgers.edu/~mione/
PGPFP:D4EEA987E870277C  24AAE6E9E6ABD088     ***** Important: Rom 10:9-11 *****
Author of 'CDE and Motif : A Practical Primer', Prentice-Hall PTR


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp2.1, a Pine/PGP interface.

iQCVAwUBN3IaiAfNcGHdn+zRAQH9oQQAg6lWFPtYsnh2yieC2BSmIa3cDnT9aRyV
sDYdLKI1ups5mG0HpGRzDtpM/iKBwevenirK4uSfy2GMFOQo7FCn2FrFCqiyBe8V
aKVMpjVN08p+OsC2ZzFP2qPLLfvNXgtFYCq56fzt2V6/9IQX283VskbJ5xZ1eHUU
PxJqV4doIW0=
=UOl7
-----END PGP SIGNATURE-----