[messaging] Let's run a usability study (was Useability of public-key fingerprints)

Tom Ritter tom at ritter.vg
Sat Apr 19 17:35:19 PDT 2014


Hey Christine, I haven't heard anyone speak up, so I would say give it
a day or two to let people voice last thoughts on it
(https://github.com/tomrittervg/crypto-usability-study) and then pass
it to your colleague =)  Based on their comments, we can retool
things, and then the next stage will be writing code and generating
test cases.

-tom

On 8 April 2014 11:35, Christine Corbett Moran
<christine.corbett at gmail.com> wrote:
> Just an update from my end, I'll be leaving my University in September
> so getting this well underway by then would be ideal, as the local
> researcher I'd be interfacing with would need some help and advice in
> the experimental design.
>
> So just let me know when we have the basics ready for me to start,
> unfortunately with all the TextSecure work I'm not able to contribute
> much to this stage, but the interfacing stage should be a series of
> enjoyable coffees with my colleague =0, and probably helping out with
> administering the experiment itself.
>
> C
>
> On Tue, Apr 8, 2014 at 5:29 PM, Michael Rogers <michael at briarproject.org> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> On 08/04/14 12:59, Tom Ritter wrote:
>>> A mistake. =) I've updated it with a 25/75% split between 2^80
>>> flaw chosen specifically and chosen at random for each type.
>>
>> Ideally we'd start with random flaws and determine empirically what
>> flaws are least noticeable for each encoding method. Then we'd be able
>> to do a proper comparison across encodings for flaws chosen by the
>> attacker within a given budget. Right now it doesn't seem to me that
>> we can separate the empirical detection rate of attacker-chosen flaws
>> from our intuition about what flaws an attacker would choose. So I
>> suggest that we start simple and leave out the non-random flaws in the
>> first instance.
>>
>> Cheers,
>> Michael
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iQEcBAEBCAAGBQJTRBW+AAoJEBEET9GfxSfMvTwIALMBNN1wFUspi5AkPMJTqK5i
>> S9ybLJFxPbVr4JZoOKLSnVLkhFtcx8fJ8NAtDjjx+o5U9/5iC3QclTI9Z0vuEEoI
>> vPoFZoeEokHH/x9TKNEQhBi5lmM3TcCOotCuRiMb/t1T2SITACD1hms6jY0hmodA
>> hBUAok/7Xh4kp+FqFO3zcHpmTFXLX8EcVzhW3fMTkffHtzGpBkltnc7JRqMJP1g/
>> FdYV3pwkvxEY5kVXNmeFZDpb54EgqAgYjwDGLtm6/aGXJcTTWrYr1hB2he6mgOIX
>> OJTKcSpjsE7gmu3Lf4AFoPv6g5zFTjsi3rbVRD3W+ClEskrcGFGYi9GFXTdnOP8=
>> =xiAV
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> Messaging mailing list
>> Messaging at moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/messaging
>
>
>
> --
> Christine Corbett Moran
> christine.corbett at gmail.com
> +1 (617) 398-0452
> www.christinecorbettmoran.com


More information about the Messaging mailing list