Eric Rescorla wrote:
To be concrete, we have 2^15 distinct keys, so, the
probability of a false positive becomes (2^15)/(2^b)=2^(b-15).
To get that probability below 1 billion, b+15 >= 30, so
you need about 45 bits. I chose 64 because it seemed to me
that a false positive probability of 2^{-48} or so was better.
-Ekr
Since it's a known set, I think you can use perfect hashing. There will still be false positives, but presumably no "bad" keys, nor keys matching the hash everyone agrees on, are going to be issued after today, right? Yeah, right.