9

A question about fingerprints:

Assume that me and my friend have a lot of time on our hands and that we have extremely good memory.

I send him my public key. To prove that the key he has on his computer is the same key that I sent him, I proceed to call him on the phone and read out the whole key in ASCII, as he checks it against what he has on his computer. (I know that it is unnecessary to send the key at all if I'm going to read it over the phone but this is just for the sake of the example.)

My question is then:

Is reading the entire key out loud over the phone to the other person and having him checking it against what he has on his computer equivalent to comparing the fingerprints of the key(s)? I.e, is the fingerprint just a means to assure that the message has not been intercepted and altered?

Sahand
  • 7,980
  • 23
  • 69
  • 137
  • 4
    I'm voting to close this question as off-topic because it is about computer and information security, and not about programming. The question might be a better fit on [Information Security](http://security.stackexchange.com/). – Lasse V. Karlsen Nov 16 '15 at 12:24

2 Answers2

7

The fingerprint is hash (like checksum) of the entire public key. The purpose is as you said - shorter way to compare the public key.

i486
  • 6,491
  • 4
  • 24
  • 41
  • Why even use public keys instead of the fingerprint? Is it not possible to sign via the private key and then simply send the fingerprint to the other person and make sure he received the correct one via phone and use then the other person could use the fingerprint (not the associated public key) to check the signature? Or is it only possible to check a signature via looking up the associated public key? – Ini Oct 26 '18 at 14:38
  • Doesen't Bitcoin use the fingerprint to check for validity instead of the public key? – Ini Oct 26 '18 at 14:38
0

There is already a checksumming mechanism described in https://github.com/ethereum/EIPs/blob/master/EIPS/eip-55.md

If you're writing a program using web3.js, for example, you can use https://web3js.readthedocs.io/en/1.0/web3-utils.html#isaddress to check the integrity of the address (e.g. if it has been corrupted or cut short or something like that).

Juuso
  • 101
  • 2
  • Ok, looking closer, this isn't even http://ethereum.stackexchange.com, and the original asker posted the link to #ethereum freenode channel, hence my answer. This maybe should be moved to Ethereum StackExchange. – Juuso Oct 26 '18 at 14:54