From 8c8cf2ed50f6d546462e5a8c61d9c99c4ac8a843 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Sat, 25 Nov 2023 16:30:54 +0100 Subject: [PATCH] edit commit 02b0785584 on the not-exactly-unique fingerprint --- book/source/04-certificates.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 9550e3e..0e0fcc0 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -96,9 +96,7 @@ For example, an OpenPGP version 4 certificate with the fingerprint `B3D2 7B09 FB Historically, even shorter 32-bit identifiers were used, like this: `2455 4239`, or `0x24554239`. Such identifiers still appear in very old documents about PGP. However, [32-bit identifiers have been long deemed unfit for purpose](https://evil32.com/). At one point, 32-bit identifiers were called "short Key ID," while 64-bit identifiers were referred to as "long Key ID." ```{note} -In practice, the fingerprint of a component key is used like a unique identifier. - -However, formally, a fingerprint is not unique. For every component key, other component keys with the same fingerprint exist, in theory. But because fingerprints are calculated using a [cryptographic hash algorithm](crypto-hash), it is practically impossible to find two different component keys that have the same fingerprint. +In practice, the fingerprint of a component key, while not theoretically unique, functions effectively as a unique identifier. The use of a [cryptographic hash algorithm](crypto-hash) in generating fingerprints makes the occurrence of two different component keys with the same fingerprint extremely unlikely. ``` ### Primary key