Mark H. Wood wrote:
> The whole point of using a hash is to make it extremely unlikely that
> either party could recover the plaintext unilaterally. It's like having a
> vault with two different locks, and giving the keys to two different
> people, to make abuse more difficult by requiring collusion for a
> successful penetration.

Sure, I understand the purpose. But Florian seemed to be saying that it would be simple to retrieve the plaintext, "because the search space is so small". Ryan M. covered that a bit, but mostly from the perspective of guarding against identity theft. It would only protect somewhat against that (making it harder is at least a good start, I'd say)...but unless I'm missing something big it would protect against any party retrieving the entire plaintext passenger list (or whatever it may be) or the entire plaintext watch list.

> It's worse than that. I don't know of anybody who spells his name
> "Aleks",

I don't either personally, but Google says it's pretty common.

> but both "Yuri" and "Yuriy" are in use, not to mention (usually
> from another part of the world) "Uri". Likewise both "Mark" and "Marc"
> are common. It doesn't have to be an error to be a false mismatch.

No, but with that level of false negatives you might as well not even bother with the system in the first place.

> If I understand what e.g. Soundex does, it should be possible to compare
> hashes of Soundex-coded strings in order to reduce the incidence of false
> mismatches.

And with that level of false positives ...

http://www.highprogrammer.com/alan/numbers/soundex.html explains how soundex works, and from that it should be obvious that soundex would be a *horrible* choice for this application.

Which is not of course to say that it's an unlikely choice. :-D

-Alex Mauer "Hawke"
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
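
An added example, not part of the original message or of any system discussed in the thread: it compares names by digest only, first on the raw spelling and then on the Soundex code, to show the false mismatches and false matches the thread describes, and counts how few distinct Soundex codes there are to hash. The helper names, the choice of SHA-256 and the sample names beyond those in the thread are assumptions for illustration.

```python
import hashlib
from itertools import product

# Standard American Soundex digit classes.
CODES = {c: d for d, letters in {"1": "BFPV", "2": "CGJKQSXZ", "3": "DT",
                                 "4": "L", "5": "MN", "6": "R"}.items()
         for c in letters}

def soundex(name):
    """American Soundex: first letter plus three digits, zero padded."""
    letters = [c for c in name.upper() if c.isalpha()]
    if not letters:
        return ""
    out = letters[0]
    prev = CODES.get(letters[0], "")
    for c in letters[1:]:
        digit = CODES.get(c, "")
        if digit and digit != prev:
            out += digit
        if c not in "HW":          # H and W do not separate equal codes
            prev = digit           # vowels reset prev, so repeats are re-coded
    return (out + "000")[:4]

def digest(text):
    # Unsalted SHA-256, an assumption; the thread does not name a hash.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def same_hash(a, b, normalise=str.upper):
    """Compare two names the way each party would: by digest only."""
    return digest(normalise(a)) == digest(normalise(b))

def soundex_code_space():
    """Every well-formed code: digits 1-6, zeros only as trailing padding."""
    tails = sorted({"".join(ds).ljust(3, "0")
                    for n in range(4) for ds in product("123456", repeat=n)})
    return [chr(first) + tail for first in range(65, 91) for tail in tails]

def recover_code(target_digest):
    """Map a digest back to its Soundex code by hashing the whole code space."""
    for code in soundex_code_space():
        if digest(code) == target_digest:
            return code
    return None

if __name__ == "__main__":
    for a, b in [("Yuri", "Yuriy"), ("Yuri", "Uri"), ("Mark", "Marc"),
                 ("Robert", "Rupert")]:   # constructed sample pairs
        print(a, b, same_hash(a, b), same_hash(a, b, soundex))
    print(len(soundex_code_space()), "possible Soundex codes")
```

With raw spellings "Yuri" and "Yuriy" never match; with Soundex they do, "Uri" still does not, and unrelated names such as "Robert" and "Rupert" collide, while the full set of codes is small enough to hash exhaustively.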