top | item 44036628

(no title)

Given a situation in which you have a decent way to guess user names, such as ‘first-initial-lastname’ how much entropy does this take away?

It seems like I’ve seen several of these over the years when a patch to parse comments would probably be simpler and less of an anti-pattern. What am I missing here?

Edit: or a config dir that allows multiple key files.

discuss

bspammer|9 months ago

I’m not a crypto expert at all, but surely it takes away no entropy because the fixed prefix is on the public key not the private key?

My reasoning is that the full public key could be seen as a 256 bit fixed prefix, but knowing the public key is meant to give no information about the private key by design.

colanderman|9 months ago

That may be true, but I don't think that it is obviously so.

If it were, then public keys could be shorter by the same amount and still provide the same level of protection.

But by design they are not.