[zeromq-dev] Proposal for ZeroMQ certificate format

Tony Arcieri bascule at gmail.com
Wed Oct 16 18:36:34 CEST 2013


On Wed, Oct 16, 2013 at 6:21 AM, Pieter Hintjens <ph at imatix.com> wrote:
> - a more secure hash, which we must truncate to fit the use case, e.g.
> first 6 bytes of SHA512 hash

6 bytes does not provide a sufficient security margin for key
verification. This is still well within the realm of a brute force
search.

PGP key IDs are not intended for the purposes of securely
authenticating keys. They are intended for a more Git-like purpose:
telling a small set of local keys apart.

You should still provide a secure digest for authenticating public keys.

-- 
Tony Arcieri
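
The distinction drawn above between a short key ID and a secure digest, as an added example that is not part of the original message. The key bytes are constructed sample values, all function names are hypothetical, and the truncation is shortened to 2 bytes so the search finishes in well under a second; each extra byte multiplies the expected work by 256.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> bytes:
    """Full 64-byte SHA-512 digest of the public key."""
    return hashlib.sha512(public_key).digest()

def short_id(public_key: bytes, nbytes: int) -> bytes:
    """Truncated identifier: first nbytes of the SHA-512 digest."""
    return fingerprint(public_key)[:nbytes]

def expected_trials(nbytes: int) -> int:
    """Expected candidates tried before one matches a given truncated ID
    (each trial succeeds with probability 2^-(8*nbytes))."""
    return 2 ** (8 * nbytes)

def find_matching_key(target_id: bytes, seed: bytes = b"constructed-seed"):
    """Walk deterministic 32-byte candidates until one shares target_id."""
    counter = 0
    while True:
        candidate = hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
        if short_id(candidate, len(target_id)) == target_id:
            return candidate, counter

def verify_key(public_key: bytes, pinned_digest: bytes) -> bool:
    """Authenticate a key against a pinned full-length digest only."""
    if len(pinned_digest) != hashlib.sha512().digest_size:
        raise ValueError("pinned digest must be the full 64-byte SHA-512 value")
    return hmac.compare_digest(fingerprint(public_key), pinned_digest)

if __name__ == "__main__":
    genuine = bytes(range(32))            # constructed sample "public key"
    other, tries = find_matching_key(short_id(genuine, 2))
    print("2-byte ID matched by a different key after", tries, "tries")
    print("short IDs equal:  ", short_id(other, 2) == short_id(genuine, 2))
    print("full digest check:", verify_key(other, fingerprint(genuine)))
    for n in (2, 6, 64):
        print(f"{n:2d}-byte ID -> about 2^{8 * n} trials")
```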


