# Identity spoofing mature

The hash of an identity (user or service) is the SHA-256 hash of its public key. For the reasons stated below, this ensures that identity hashes are unique, and cannot be spoofed.

## Probability of choosing the same identity hash

In asymmetric cryptography, a user generates a key pair consisting of a private key (to be kept secret) and a public key (to be published). Data encrypted using the public key can be decrypted using the private key, and signatures created using the private key can be verified with the help of the public key.

For such a cryptographic scheme to be secure, a huge number of key pairs must exist. Otherwise, an attacker could break the scheme by enumerating all key pairs (brute force attack). Hence, users will most likely generate different key pairs.

If all key pairs have different public keys, users will most likely have different identity hashes.

One could imagine a strong cryptographic scheme in which some key pairs have different private keys, but share the same public key. Inevitably, any of the private keys could decrypt the message encrypted using the public key. Such a scheme is strong only if a huge number of public keys exist, so that users are likely to have different public keys. This, in turn, ensures that account identifiers are most likely different.

## Maliciously spoofing an account

To spoof an identity, an attacker would have to come up with a valid key pair of which the SHA-256 hash of the public key yields the identity hash to be spoofed. To do this, he must either break the SHA-256 hash function to find a colliding public key, or break the asymmetric cryptography scheme by finding the private key corresponding to the public key of the account. Both are believed to be hard.