[messaging] Useability of public-key fingerprints

Trevor Perrin trevp at trevp.net
Thu Jan 30 17:50:16 PST 2014

#1 d1:bc:df:32:a2:45:2e:e0:96:d6:a1:7c:f5:b8:70:8f

#2 ba:06:7f:d2:b9:74:a8:0a:13:cb:a2:f7:e0:10:59:a0

On Thu, Jan 30, 2014 at 4:34 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Trevor Perrin <trevp at trevp.net> writes:
>>(A) Most people will never check or understand public-key fingerprints, so we
>>need something more automatic (eg TOFU and/or trusted infrastructure)
> See for example "Do Users Verify SSH Keys?" (Abstract: "No"),
> https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf.
>>(B) Those users who *are* motivated to deal with fingerprints will be
>>motivated enough to make them work whether 25 or 40 chars, base32 or base16,
> They'll be motivated enough to do some checking, but given result from work on
> fuzzy fingerprints (referenced in the above article) no-one but the most
> singularly OCD will actually do the check properly, i.e. rigorously check all
> 40 characters for every key they deal with.

You're referring to the THC tool, which Daniel also mentioned.


I'm including its examples from the paper and Jon Erickson's book
(compare #1 at the top and bottom of this email, and #2).  They're
pretty easy to tell apart, IMO.

But I dunno, maybe I'm wrong.  My larger point is that I wish there
were actual user studies and serious research on these questions.  And
if that doesn't exist, maybe we should try to encourage it...


#1 d6:b7:df:31:aa:55:d2:56:9b:32:71:61:24:08:44:87

#2 ba:06:7e:b2:64:13:cf:0f:a4:69:17:d0:60:62:69:a0

More information about the Messaging mailing list