[messaging] Useability of public-key fingerprints

[Robert Ransom]

On 1/30/14, Trevor Perrin <trevp at trevp.net> wrote:
> On Thu, Jan 30, 2014 at 5:06 AM, Ximin Luo <infinity0 at pwned.gg> wrote:
>>
>> However, I don't think we'll ever get rid of *all* fps. So we should try
>> to improve these as well. These are two distinct topics, there is no
>> conflict.


> People brought up formats designed for visual or spoken presentation:
>  - SSH randomart
>  - PGPfone, S/Key, or Koremutake wordlists
>
> I share Daniel's skepticism about randomart and Robert's skepticism
> about wordlists [2,3].
>
> These schemes don't seem like much of an improvement over alphanumeric
> text, even in their chosen domain.  And they're much more awkward
> outside it (speaking a randomart, or fitting, say, 20 words into a
> text field).

Actually, I don't believe that the S/Key encoding or Koremutake were
designed for voice transmission.  (Sorry -- I should have corrected
this much sooner.)

* S/Key was designed to make a 48-bit password easy for a user to copy
from a piece of paper to a terminal.  (The documentation for a
competing system, OTPW, points out that this encoding is in fact a
security flaw in S/Key, particularly when combined with S/Key's
cryptographic design.  See the fourth and first paragraphs of the
‘Design rationale’ section of
<https://www.cl.cam.ac.uk/~mgk25/otpw.html>.)

* Koremutake's stated goal is to invertibly map a (potentially large)
integer to a string which is ‘memorable’ to a user who can see it.
(They appear to mean “memorable” in the sense of “easy to recall”,
rather than “easy to recognize”.)

Neither of those two encoding systems claims to have been designed to
support voice transmission, so I was not surprised to find that they
were not suitable for the application that I had in mind.  These
encodings, and others like them, may still be useful, but I would not
design a system to use one of them as the primary representation of
keys or fingerprints.


Robert Ransom