On Wed, Oct 16, 2013 at 3:40 PM, shancat <[email protected]> wrote:
> Point 1 & 3 should be excluded. Why bother with high strength crypto like
> curve when it's easy to generate forged certificates in the first place?

It's not clear that it's easy or even possible. A forged certificate would need to have the exact same size (the size is part of the fingerprint line), while remaining valid and parseable.

We do agree on the need for fingerprinting? In that case I'd propose we make an arbitrary-but-not-MD5 choice today, and continue on other aspects. We're not the only ones with the problem. No matter what we choose, we're going to have to use something better in the future.

I suggest we use SHA512 truncated to 6 bytes, and prefixed by the first 6 bytes of the sender's public key. To create a fraudulent certificate an attacker would have to find a double collision.

-Pieter

_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev

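A worked illustration of the fingerprint line Pieter proposes (certificate size, the first 6 bytes of the sender's public key, then SHA-512 of the certificate truncated to 6 bytes), with the matching verification step. This is example code added here, not from the thread or from ZeroMQ; the sample certificate text, the key bytes and the hex layout of the line are assumptions.

```python
import hashlib
import hmac

# Constructed sample input (not from the thread): a small certificate body
# and a fake 32-byte public key whose first 6 bytes are 00..05.
SAMPLE_CERT = b'metadata\n    name = "example"\ncurve\n    public-key = "<placeholder>"\n'
SAMPLE_PUBKEY = bytes(range(32))


def fingerprint_line(cert: bytes, sender_pubkey: bytes) -> str:
    """Build the fingerprint line for a certificate.

    Layout (assumed, space-separated hex): <size> <pubkey[:6]> <sha512(cert)[:6]>
    The size is part of the line, so a substitute certificate must match the
    original byte length as well as the truncated digest and key prefix.
    """
    size = len(cert)
    key_prefix = sender_pubkey[:6].hex()
    digest = hashlib.sha512(cert).digest()[:6].hex()
    return f"{size} {key_prefix} {digest}"


def verify_fingerprint(cert: bytes, sender_pubkey: bytes, expected_line: str) -> bool:
    """Recompute the line for a received certificate and compare it with the
    stored one in constant time, so a partial match leaks nothing via timing."""
    actual_line = fingerprint_line(cert, sender_pubkey)
    return hmac.compare_digest(actual_line.encode(), expected_line.encode())


if __name__ == "__main__":
    line = fingerprint_line(SAMPLE_CERT, SAMPLE_PUBKEY)
    print("fingerprint:", line)
    # A certificate altered by one byte (same length) must fail verification.
    tampered = SAMPLE_CERT.replace(b"example", b"exampl3")
    print("original verifies:", verify_fingerprint(SAMPLE_CERT, SAMPLE_PUBKEY, line))
    print("tampered verifies:", verify_fingerprint(tampered, SAMPLE_PUBKEY, line))
```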