[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP Keyserver Synchronization Protocol
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 23 Jun 1999, Werner Koch wrote:
> Tony Mione <mione@xxxxxxxxxxxxxxxxxxx> writes:
> > Any reason for MD5? I understand the SHA-1 is longer. However, it is
> > thought to be a stronger hash the MD5 at this time.
> Yes it is longer and therefore increasing the amount of bytes to
> exchange. I can't see a reason for a cryptographic strong hash algorithm
> here - it is merely used as a checksum. MD5 is good enough for this.
It just seems that normal CRCs are more likely to have collisions
(since they are generally much smaller (32 bits, etc). If you are going
through the trouble of putting in MD5, the 4 extra bytes for SHA-1 should
not be a tremendous burdon. If you are working with a keyserver holding
100,000 keys, you add 400K which is hardly more than a fraction of a second
to transfer with today's network technologies.
> Werner Koch at guug.de www.gnupg.org keyid 621CC013
Tony Mione, RUCS/TD, Rutgers University, Hill 055, Piscataway,NJ - 732-445-0650
mione@xxxxxxxxxxxxxxx W3: http://noc.rutgers.edu/~mione/
PGPFP:D4EEA987E870277C 24AAE6E9E6ABD088 ***** Important: Rom 10:9-11 *****
Author of 'CDE and Motif : A Practical Primer', Prentice-Hall PTR
-----BEGIN PGP SIGNATURE-----
Comment: Processed by mkpgp2.1, a Pine/PGP interface.
-----END PGP SIGNATURE-----