[messaging] Let's run a usability study (was Useability of public-key fingerprints)
Christine Corbett Moran
corbett at alum.mit.edu
Mon Apr 21 01:54:25 PDT 2014
OK Tom, everybody. It's a holiday week here in Zurich, so I'll have lunch
with my colleague next week to discuss. Any final thoughts, include before
then, and I'll get back with a thought about what we need to make this
project happen in practice. If she's interested, I'll go ahead and invite
her to the github and suggest we continue discussion there.
> On Sun, Apr 20, 2014 at 2:35 AM, Tom Ritter <tom at ritter.vg> wrote:
>> Hey Christine, I haven't heard anyone speak up, so I would say give it
>> a day or two to let people voice last thoughts on it
>> (https://github.com/tomrittervg/crypto-usability-study) and then pass
>> it to your colleague =) Based on their comments, we can retool
>> things, and then the next stage will be writing code and generating
>> test cases.
>> On 8 April 2014 11:35, Christine Corbett Moran
>> <christine.corbett at gmail.com> wrote:
>>> Just an update from my end, I'll be leaving my University in September
>>> so getting this well underway by then would be ideal, as the local
>>> researcher I'd be interfacing with would need some help and advice in
>>> the experimental design.
>>> So just let me know when we have the basics ready for me to start,
>>> unfortunately with all the TextSecure work I'm not able to contribute
>>> much to this stage, but the interfacing stage should be a series of
>>> enjoyable coffees with my colleague =0, and probably helping out with
>>> administering the experiment itself.
>>> On Tue, Apr 8, 2014 at 5:29 PM, Michael Rogers <michael at briarproject.org>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA256
>>>> On 08/04/14 12:59, Tom Ritter wrote:
>>>>> A mistake. =) I've updated it with a 25/75% split between 2^80
>>>>> flaw chosen specifically and chosen at random for each type.
>>>> Ideally we'd start with random flaws and determine empirically what
>>>> flaws are least noticeable for each encoding method. Then we'd be able
>>>> to do a proper comparison across encodings for flaws chosen by the
>>>> attacker within a given budget. Right now it doesn't seem to me that
>>>> we can separate the empirical detection rate of attacker-chosen flaws
>>>> from our intuition about what flaws an attacker would choose. So I
>>>> suggest that we start simple and leave out the non-random flaws in the
>>>> first instance.
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1.4.10 (GNU/Linux)
>>>> -----END PGP SIGNATURE-----
>>>> Messaging mailing list
>>>> Messaging at moderncrypto.org
>>> Christine Corbett Moran
>>> christine.corbett at gmail.com
>>> +1 (617) 398-0452
> Christine Corbett Moran
> christine.corbett at gmail.com
> +1 (617) 398-0452
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging