In order to communicate securely with someone using public key cryptography, you need to exchange public keys. But how can you be sure that the public key you receive is really from the purported owner?
There are a number of techniques for doing this, one of which is to use digital fingerprints. When an encryption application creates a key pair, it generates a unique fingerprint for the public key. The digital fingerprint consists of a unique series of words or pairs of hexadecimal digits. If words are used for the fingerprint, they come from a list of 256 phonetically distinct words, each representing one of the 256 possible values of a hexadecimal pair, from 00 to FF.
In the novel Cryptonomicon, the fingerprint from the cryptography application Ordo consists of sixteen hexadecimal pairs, which gives $256^{16}$ or $3.4 \times 10^{38}$ possible fingerprints. The size of the number of possible fingerprints means that it is practically impossible to generate a public key with the same fingerprint as another, which in turn makes it impossible for a third party to substitute a different key in place of the genuine key. This means that the fingerprint can be transmitted over an unsecured channel, such as a telephone conversation, as happens between Randy and Avi in the chapter of Cryptonomicon titled Novus Ordo Seclorum.
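The check described above can be sketched as follows. This is an added example, not code from the novel or from any real application: it derives a sixteen-pair fingerprint from a public key, renders it as hexadecimal pairs and as words, and verifies a received key against a fingerprint read aloud. The SHA-256 truncation, the syllable-built word list, the sample keys and all function names are assumptions; the page does not say how Ordo derives its fingerprint.

```python
import hashlib
import hmac

# Constructed word list: 16 x 16 syllables give 256 distinct words, one per
# byte value 00..FF. A real tool would ship a curated phonetic list instead.
_HEAD = ["ba", "de", "fi", "go", "hu", "ka", "le", "mi",
         "no", "pu", "ra", "se", "ti", "vo", "wu", "za"]
_TAIL = ["bor", "dan", "fel", "gim", "hob", "kus", "lam", "mer",
         "nid", "pol", "run", "sat", "tem", "vin", "wox", "zul"]
WORDS = [h + t for h in _HEAD for t in _TAIL]
FINGERPRINT_BYTES = 16  # sixteen hexadecimal pairs, as in the text


def fingerprint(public_key: bytes) -> bytes:
    """Assumed scheme: SHA-256 of the key bytes, truncated to 16 bytes."""
    return hashlib.sha256(public_key).digest()[:FINGERPRINT_BYTES]


def as_hex_pairs(fp: bytes) -> str:
    return " ".join(f"{b:02X}" for b in fp)


def as_words(fp: bytes) -> str:
    return " ".join(WORDS[b] for b in fp)


def from_words(spoken: str) -> bytes:
    """Convert words read aloud back to bytes; unknown words raise ValueError."""
    return bytes(WORDS.index(w) for w in spoken.lower().split())


def key_matches(received_key: bytes, spoken_fingerprint: str) -> bool:
    """Check a key received on one channel against words heard on another."""
    try:
        expected = from_words(spoken_fingerprint)
    except ValueError:
        return False
    if len(expected) != FINGERPRINT_BYTES:
        return False
    return hmac.compare_digest(fingerprint(received_key), expected)


if __name__ == "__main__":
    genuine = b"constructed sample public key: genuine"
    swapped = b"constructed sample public key: substituted"
    heard = as_words(fingerprint(genuine))
    print(as_hex_pairs(fingerprint(genuine)), heard, sep="\n")
    print(key_matches(genuine, heard), key_matches(swapped, heard))
```

The comparison only helps if the fingerprint is heard from the real key owner; the words protect against a swapped key file, not against someone impersonating the speaker.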