[messaging] MITM-safe communication w/o authentication possible?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Nov 30 07:20:06 PST 2015
On Mon 2015-11-30 15:52:35 +0200, Karl wrote:
> Right. I imagine the face is generated from the fingerprint of the
> public key. Hence copying it would require generating enough keys to
> find a human-believable collision, as would be equivalently done to
> fake .onion addresses or pgp key fingerprints. We're a lot better at
> remembering and comparing the details of faces than numbers, and we
> readily associate them with identities.
We've had quite a bit of discussion in the past about how to generate
human-memorable fingerprints. But the challenge isn't in getting people
to associate the face with the identity. It's in getting people to
*distinguish* other plausibly-similar faces from the target face.
Humans are generally OK at the former (some better than others) and
often quite terrible at the latter, partly because real-world faces
actually do change quite a bit (sunburn, nutrition, sleep, hairstyles,
dirt, food, facial hair, etc). we're hard-wired to make loose matches
in this space, which is sort of the opposite of what you'd want from a
fingerprinting technique where the adversary gets to try a lot of
options to find a "close match" that breaks fingerprintability.
More information about the Messaging