Hacker News new | past | comments | ask | show | jobs | submit login

By its length, obviously. If something it 8 hex digits, it's 32-bit.

Key IDs are just a part of the fingerprint, last 8 hex digits of the full 160-bit one. That is, the 32-bit ID is "2A8E4C02" while the full hash is "67819B343B2AB70DED9320872C6464AF2A8E4C02". The problem is, as article shows, finding another SHA-1 hash that ends with the same digits is relatively easy.

Fortunately, as I've heard, there are no known (at least, no publicly known) second preimage attacks on SHA-1, so comparing whole hashes should be fine for a time being. But as I'M NOT A CRYPTOGRAPHER, please consult a cryptographer on this and take my words with a grain of salt.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact