From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: "Proxmox Backup Server development discussion"
<pbs-devel@lists.proxmox.com>,
"Dietmar Maurer" <dietmar@proxmox.com>,
"Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox-backup 0/7] add, persist and check key fingerprint
Date: Wed, 18 Nov 2020 07:47:13 +0100 [thread overview]
Message-ID: <6447caa6-7079-4515-af39-4322fdd8a69f@proxmox.com> (raw)
In-Reply-To: <645547754.213.1605678469368@webmail.proxmox.com>
On 18.11.20 06:47, Dietmar Maurer wrote:
>> On 11/18/2020 6:27 AM Dietmar Maurer <dietmar@proxmox.com> wrote:
>>
>>
>> Do we really need/want a 256bit long fingerprint?
>>
>> I thought 64bit (or maybe 32bit) would be large enough?
>> If not, why does it have to be that large?
>
> some quick math:
>
> max keys a user generate in his live: 1024 (2¹⁰)
>
> so the likelihood of a 32bit fingerprint clash is
>
> W = 1/2^²² (1/4Millions)
>
> which is, unlikely, but possible.
>
> But with 64bit it is extremely unlikely (1/2⁵⁴).
From a pure user experience I think it could be better to present 8 byte of fingerprint
information - as the nerves/stress ratio is probably not to good at times where this is
required.
8 byte: "90:A1:CA:44:BE:0B:D4:1C"
vs.
32 byte: "90:A1:CA:44:BE:0B:D4:1C:F7:D9:F5:2F:7C:92:DB:69:B2:2A:AF:6A:1C:7A:DB:0C:03:93:3E:EA:95:EC:26:92"
I mean, after all, this is rather informal and even if there would be a unlikely
collision it does not actually compromises security in any way I can think of.
next prev parent reply other threads:[~2020-11-18 6:47 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-17 17:57 Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 1/7] crypt config: add fingerprint mechanism Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 2/7] key: add fingerprint to key config Fabian Grünbichler
2020-11-18 8:48 ` Wolfgang Bumiller
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 3/7] client: print key fingerprint and master key Fabian Grünbichler
2020-11-17 18:38 ` Thomas Lamprecht
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 4/7] client: add 'key show' command Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 5/7] add key fingerprint to manifest Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 6/7] fix #3139: manifest: check fingerprint when loading with key Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 7/7] client: check fingerprint after downloading manifest Fabian Grünbichler
2020-11-18 5:27 ` [pbs-devel] [PATCH proxmox-backup 0/7] add, persist and check key fingerprint Dietmar Maurer
2020-11-18 5:47 ` Dietmar Maurer
2020-11-18 6:47 ` Thomas Lamprecht [this message]
2020-11-18 8:27 ` Fabian Grünbichler
2020-11-18 8:54 ` Dietmar Maurer
2020-11-23 7:55 ` Dietmar Maurer
2020-11-23 8:16 ` Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6447caa6-7079-4515-af39-4322fdd8a69f@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=dietmar@proxmox.com \
--cc=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal