[messaging] Useability of public-key fingerprints

Robert Ransom rransom.8774 at gmail.com
Thu Jan 30 02:34:48 PST 2014

On 1/30/14, Ximin Luo <infinity0 at pwned.gg> wrote:

> 160-bits ought to be enough, but I hear bad things about SHA-1. Is there a
> better alternative of equal length?

Pick a hash and truncate it.  (Or use a hash which has a defined way
to produce a short output.  I would prefer BLAKE2s, but there are
other reasonable choices.)

> Perhaps you could let the user tell you what medium they want to use, and
> generate a scheme optimised for that medium? (Or is that "too complex"..)

I think the Right Thing will involve using one of a variety of plugins
to transport fingerprints/keys or ‘display’ hashes of them to a human.

One obvious approach for the severely visually impaired (but not also
deaf) is to feed a PRNG's output to a Markov-chain music generator.

‘Music, Physics and Engineering’ (second edition) by Harry F. Olson
(ISBN 0-486-21769-8, first published in 1967) describes an electronic
device which used trigram frequencies of notes, and unigram
frequencies of rhythm patterns for each measure, to generate music in
the style of Stephen Bishop.  The book also describes techniques for
algorithmic composition of music using a general-purpose computer.

Robert Ransom

More information about the Messaging mailing list