[curves] Pseudo-word length patterns for curve-sized base32 strings

Trevor Perrin trevp at trevp.net
Wed Jan 29 09:34:21 PST 2014


On Wed, Jan 29, 2014 at 2:43 AM, Robert Ransom <rransom.8774 at gmail.com> wrote:
> It can be difficult to copy or read (e.g. over a telephone) a long
> sequence of characters, even if the sequence is punctuated into
> several chunks of uniform length.
[...]
>
> I have experimented with using pseudo-words of non-uniform length on a
> single line; varying chunk lengths does seem to improve my ability to
> read and copy strings.

Interesting observation...  "Human useability" of public-keys (and
fingerprints) is an important topic which needs more exploration.

A lot of new end-to-end crypto protocols are using fingerprints as a
primary auth mechanism, and de-emphasizing certificate or
"web-of-trust" approaches.  Yet feedback from the field is still kind
of alarming, e.g.

https://blog.crypto.cat/2014/01/cryptocat-at-the-openitp-dc-hackathon/

And there's a lot of open questions which useability researchers could
help answer:
  Should we search for zero-prefixed fingerprints during key-gen, to
shave off bits?
  Encode a version into fingerprint?
  Word lists vs. characters?
  How many characters?
  Which alphabet (base32?  which version?)
  Which capitalization?
  Which chunk sizes?
  Which chunk separators?

There's a "messaging at moderncrypto.org" list set up and I think this
would be a great topic to discuss over there, I'll try to get it
started...


Trevor


More information about the Curves mailing list