Key fingerprints (not the DNS kind)

Michael Ströder michael at stroeder.com
Tue Nov 11 21:28:55 EST 2014


shawn wilson wrote:
> On Nov 9, 2014 8:42 PM, "Damien Miller" <djm at mindrot.org> wrote:
>>
>> On Sun, 9 Nov 2014, shawn wilson wrote:
>>
>>> On Sun, Nov 9, 2014 at 7:11 PM, Damien Miller <djm at mindrot.org> wrote:
>>>
>>> That's always a good idea, but try not to reinvent the wheel too much
>>> here: http://hashcat.net/wiki/doku.php?id=example_hashes
>>> There's no m5(sha512(word)) but $foo$fpr or $foo$host$fpr should maybe
>>> be used?
>>
>> I don't think password hashes are a good model for key fingerprints.
>> Password hashes are intended for consumption in password databases,
>> key fingerprints are intended for rapid and accurate comparison by
>> humans.
> 
> It is to identify a hash. Who cares what the hash is of.

Password hash schemes also needs a salt specification and maybe more (rounds
etc.) => not usable

It seems some people define URN name spaces for such fingerprints:

https://tools.ietf.org/html/draft-seantek-certspec

http://www.aaronsw.com/2002/draft-swartz-pgp-urn-00.html

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4252 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141111/ab9e541c/attachment.bin>


More information about the openssh-unix-dev mailing list