[messaging] Test Data for the Usability Study

David Leon Gil coruus at gmail.com
Wed Jun 25 09:01:10 PDT 2014


## Study as a whole

This data is important; and it's important to get ASAP.

One thing I would really like to see, however, is (a small amount of) data
on *worse* matches. (Say in the 2^48 range.)

This is because I'm extremely pessimistic about most users' ability to
verify much more than 64 bits of entropy consistently.

And I think that, e.g., words will work much better in this case.

(I think it's quite possible to bring the *cost* of a 2^48 match to
significantly above 2^80 SHA2-512 evals using one of the PHW competitors.)

## Better word matches:

Are you most interested in matching spelling or matching meaning?

If the latter, I'll pull the WordNet data for the chosen word set, and we
can just identify synonyms for computing difficulty of match.

If the former, I think that it's trivial to compute the Levenshtein
distances for the set. What edit distance would you like to threshold at?

(But that likely won't happen until Friday at soonest.)

Sun 24, 2014 9:01 PM, "Trevor Perrin" <trevp at trevp.net> wrote:
>
> On Mon, Jun 23, 2014 at 2:34 PM, Tom Ritter <tom at ritter.vg> wrote:
> > I implemented this on a branch
> > (https://github.com/tomrittervg/crypto-usability-study/commit/9df0e72f15391128b6b067e891323363780cb451),
> > and ran into three issues:
> >
> > 1) I also am not sure if, when we flip the bits, they should be
> > flipped at random, or just negated.  My gut says negated...
> > 2) The 850 word corpus does not translate directly into an even number
> > of bits.  I wound up making it 14 words, each representing 9 bits (using
> > 512 of the words)
> > 3) The more I thought about it, and then verified, the fingerprints
> > barely match at all.
> >
> > Negation:
> > wood - be - jump - though - punishment - for - company - animal - far
> > - you - unit - snow - cover - father
> > disease - society - wool - punishment - to - even - edge - again -
> > hour - base - wood - as - amusement - daughter
> >
> > Random:
> > attention - smell - behavior - smile - rain - the - wood - food -
> > stage - get - almost - competition - increase - earth
> > birth - cough - apparatus - soap - knowledge - of - band - friend -
> > snow - get - then - stretch - belief - earth
>
> Yeah, to point out the obvious - if those are supposed to be fuzzy
> matches from a 2^80 attacker, they're not very good.
>
> If each word encodes 9 bits, and you're trying to simulate an attacker
> who can do ~2^80 work, why don't you just set 9 of the words equal?
>
> The poem generator uses some bits to determine grammatical structure,
> and most of the bits to choose words.  So maybe set the structure the
> same, and then use the rest of the bits to set some number of words
> equal?
>
> This is rough, obviously soundalike / lookalike metrics would be
> better, but for a first cut maybe it's good enough?
>
>
> Trevor
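
The word-equal simulation suggested in the quoted reply (14 words of 9 bits each, with 9 words set equal for the ~2^80 case) can be sketched as follows. This is an added example, not part of the original message or of the study's code; the placeholder word list, the function names, and the choice of random matching positions are assumptions.

```python
import random

BITS_PER_WORD = 9   # 512 words, 9 bits each (from the quoted message)
NUM_WORDS = 14      # 14 words = 126-bit fingerprint
MASK = (1 << BITS_PER_WORD) - 1

# Constructed stand-in for the 512 words taken from the 850-word corpus.
WORDLIST = [f"word{i:03d}" for i in range(1 << BITS_PER_WORD)]


def split(fp: int) -> list[int]:
    """Split a 126-bit fingerprint into 14 nine-bit indices, most significant first."""
    return [(fp >> (BITS_PER_WORD * (NUM_WORDS - 1 - i))) & MASK
            for i in range(NUM_WORDS)]


def to_words(fp: int) -> list[str]:
    return [WORDLIST[i] for i in split(fp)]


def partial_match(target: int, equal_words: int, rng: random.Random) -> int:
    """Return a fingerprint sharing exactly `equal_words` word positions with target.

    Positions are chosen at random (an assumption); every other position is
    forced to differ so the number of matching words is exact.
    """
    if not 0 <= equal_words <= NUM_WORDS:
        raise ValueError("equal_words must be between 0 and 14")
    keep = set(rng.sample(range(NUM_WORDS), equal_words))
    out = 0
    for pos, idx in enumerate(split(target)):
        if pos not in keep:
            # Adding 1..511 mod 512 always lands on a different index.
            idx = (idx + rng.randrange(1, 1 << BITS_PER_WORD)) & MASK
        out = (out << BITS_PER_WORD) | idx
    return out


def matching_words(a: int, b: int) -> int:
    return sum(x == y for x, y in zip(split(a), split(b)))


if __name__ == "__main__":
    rng = random.Random(2014)  # seeded: reproducible test data, not key material
    real = rng.getrandbits(BITS_PER_WORD * NUM_WORDS)
    fake = partial_match(real, 9, rng)  # 9 words = 81 bits, the ~2^80 case
    print(" - ".join(to_words(real)))
    print(" - ".join(to_words(fake)))
    print("matching words:", matching_words(real, fake))
```

Because `partial_match` works on the integer fingerprint rather than on the words, the same pair of values can be fed to any other encoding under test.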