[zeromq-dev] Proposal for ZeroMQ certificate format

Tony Arcieri bascule at gmail.com
Tue Oct 15 20:12:36 CEST 2013


On Tue, Oct 15, 2013 at 10:59 AM, Pieter Hintjens <ph at imatix.com> wrote:

> While I'm not defending MD5 at all, can a forgery m' have the same size as
> m?
>

Yes.

As far as I can see, the signature has to be short enough to verify by
> hand. SHA256 would produce 32 bytes; just the same as verifying the
> CURVE key by hand.
>

I didn't realize you were just calculating a key fingerprint. I don't see
the point of doing that for Curve25519 keys, given their short length.

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20131015/8e92d3fc/attachment.htm>


More information about the zeromq-dev mailing list