[messaging] Useability of public-key fingerprints
Trevor Perrin
trevp at trevp.net
Wed Jan 29 16:32:39 PST 2014
Some crypto apps let users inspect the public-key hash (aka
"fingerprint") of the other party, so that it can be compared with a
value received through a different channel (phone call, business card,
online directory or website, etc.)
There's a lot of variation in how public-key fingerprints are
presented (alphabet, number of chars, capitalization, grouping,
separators, etc). For example:
SSH: 43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8
GPG: 7213 5CAA EA6B 0980 126A 0371 8373 DD15 4D42 48BD
OTR: C4E40F71 A92175F8 597A29A7 CB7E0943 B27014FF
TACK: g5p5x.ov4vi.dgsjv.wxctt.c5iul
Bitcoin: 31uEbMgunupShBVTewXjtqbBv5MndwfXhb
SSH: 128 bits, 32 hex chars
GPG: 160 bits, 40 hex chars
OTR: 160 bits, 40 hex chars
TACK: 125 bits, 25 base32 chars (RFC 4648)
Bitcoin: 200 bits, 34 base58 chars (160 bits hash + version/checksum)
There's also some fingerprint innovations that aren't widespread:
- Zooko's z-base32
- "Hash extension" from RFC 3972 to squeeze more bits into a smaller
fingerprint
- Phonetic alphabets like the PGPfone wordlist
Anyways, these are somewhat large strings for users to handle, so it
seems worth trying to streamline the experience and reduce error-rates
due to soundalike or lookalike characters as much as we can.
I'm a little surprised I can't find more useability research here, except for:
- https://blog.crypto.cat/2014/01/cryptocat-at-the-openitp-dc-hackathon
- https://moderncrypto.org/mail-archive/curves/2014/000011.html
Are there other studies? Are there any "best practices" emerging?
Trevor
More information about the Messaging
mailing list