From: Scott Brickner <sjb@universe.digex.net>
To: Adam Shostack <adam@lighthouse.homeport.org>
Message Hash: 854e5571a1bb0b624e3b7c97ee6d13c372b89bc3a3836fe9b2c5a885bcfa5791
Message ID: <199510061603.MAA18239@universe.digex.net>
Reply To: <199510060224.WAA03180@homeport.org>
UTC Datetime: 1995-10-06 16:03:28 UTC
Raw Date: Fri, 6 Oct 95 09:03:28 PDT
From: Scott Brickner <sjb@universe.digex.net>
Date: Fri, 6 Oct 95 09:03:28 PDT
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: subjective names and MITM
In-Reply-To: <199510060224.WAA03180@homeport.org>
Message-ID: <199510061603.MAA18239@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain
Adam Shostack writes:
> The key does indeed have a high likelihood of being unique,
>but dealing with 1024 bit identifiers could strain database systems,
>especially when 100 well chosen bits would be than enough.
Hence the suggestion to use a hash of the key instead of the key
itself. Someone pointed out that a uniformly distributed 1024 bit
prime has something like 1014 bits of entropy. An md5 hash of the key
should have about 128 bits of entropy, with the probability of a
collision among 2^33 keys (one per person, worldwide) being about
1 in 2^95, or about 1 in 10^29. Sounds like we're safe, even without
straining our databases.
Return to October 1995
Return to “Wei Dai <weidai@eskimo.com>”