[messaging] MITM-safe communication w/o authentication possible?

Karl gmkarl at gmail.com
Wed Dec 2 04:05:15 PST 2015

I made a python script to generate faces from hexadecimal strings:
https://github.com/gmkarl/facesum .  It uses makehuman (
http://www.makehuman.org/ ) to create detailed face structures.

On 11/30/15, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> We've had quite a bit of discussion in the past about how to generate
> human-memorable fingerprints.  But the challenge isn't in getting people
> to associate the face with the identity.  It's in getting people to
> *distinguish* other plausibly-similar faces from the target face.

I checked the mailing list logs and couldn't find with google a
mention of using faces before.

> Humans are generally OK at the former (some better than others) and
> often quite terrible at the latter, partly because real-world faces
> actually do change quite a bit (sunburn, nutrition, sleep, hairstyles,
> dirt, food, facial hair, etc).  we're hard-wired to make loose matches
> in this space, which is sort of the opposite of what you'd want from a
> fingerprinting technique where the adversary gets to try a lot of
> options to find a "close match" that breaks fingerprintability.

Makehuman has around 120 different modifiers for adjusting faces.
You'd have to find the changes which make it clear that the face is a
different person's.  I imagine it would be different if you'd had a
social interaction with the face.

I guess I'm just saying that the number of faces we have to compare to
live normally implies that we can easily distinguish a lot more
information for this specific task than for other tasks.  I think, if
tuned to be similar to real-life face comparison, that they would be
very powerful as fingerprints.  They are also wired in our minds to
represent identity, and could be a route for somebody's key being
their identity in a system where keys are not strongly associated with
real-world identities.

As we interact more with a face, we remember more of the details,
without trying.  The more we've interacted with a face, the harder it
is to deceive us.

More information about the Messaging mailing list