[curves] Pseudo-word length patterns for curve-sized base32 strings
Trevor Perrin
trevp at trevp.net
Wed Jan 29 09:34:21 PST 2014
On Wed, Jan 29, 2014 at 2:43 AM, Robert Ransom <rransom.8774 at gmail.com> wrote:
> It can be difficult to copy or read (e.g. over a telephone) a long
> sequence of characters, even if the sequence is punctuated into
> several chunks of uniform length.
[...]
>
> I have experimented with using pseudo-words of non-uniform length on a
> single line; varying chunk lengths does seem to improve my ability to
> read and copy strings.
Interesting observation... "Human useability" of public-keys (and
fingerprints) is an important topic which needs more exploration.
A lot of new end-to-end crypto protocols are using fingerprints as a
primary auth mechanism, and de-emphasizing certificate or
"web-of-trust" approaches. Yet feedback from the field is still kind
of alarming, e.g.
https://blog.crypto.cat/2014/01/cryptocat-at-the-openitp-dc-hackathon/
And there's a lot of open questions which useability researchers could
help answer:
Should we search for zero-prefixed fingerprints during key-gen, to
shave off bits?
Encode a version into fingerprint?
Word lists vs. characters?
How many characters?
Which alphabet (base32? which version?)
Which capitalization?
Which chunk sizes?
Which chunk separators?
There's a "messaging at moderncrypto.org" list set up and I think this
would be a great topic to discuss over there, I'll try to get it
started...
Trevor
More information about the Curves
mailing list