[messaging] "Pseudoword" base32 fingerprints
infinity0 at pwned.gg
Wed Feb 5 17:21:40 PST 2014
On 06/02/14 01:08, Tony Arcieri wrote:
> On Wed, Feb 5, 2014 at 4:47 PM, Moritz Bartl <moritz at headstrong.de <mailto:moritz at headstrong.de>> wrote:
> Hm. Sorry, stupid question, but why can't you simply map 4-tuples to a
> 65k wordlist? Fantasy names, English, something more pronounceable?
> There could maybe even multiple "authoritative tables" in various languages.
> I was just talking to Trevor about this very thing ;) It's the approach I'd like to use. You can generate a random salt and run the password through e.g. scrypt as well in order to derive a symmetric key
> Tony Arcieri
65k would be 16 bits. For some applications this could be enough, but to get up to a 160-bit long-term fingerprint this would be 10 words. Hopefully we can improve on this.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 880 bytes
Desc: OpenPGP digital signature
More information about the Messaging