[messaging] Useability of public-key fingerprints

George Kadianakis desnacked at riseup.net
Wed Jan 29 17:03:05 PST 2014 

Trevor Perrin <trevp at trevp.net> writes:

> Some crypto apps let users inspect the public-key hash (aka
> "fingerprint") of the other party, so that it can be compared with a
> value received through a different channel (phone call, business card,
> online directory or website, etc.)
>
> There's a lot of variation in how public-key fingerprints are
> presented (alphabet, number of chars, capitalization, grouping,
> separators, etc).  For example:
>
> SSH:      43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8
>
> GPG:      7213 5CAA EA6B 0980 126A  0371 8373 DD15 4D42 48BD
>
> OTR:      C4E40F71 A92175F8 597A29A7 CB7E0943 B27014FF
>
> TACK:     g5p5x.ov4vi.dgsjv.wxctt.c5iul
>
> Bitcoin:  31uEbMgunupShBVTewXjtqbBv5MndwfXhb
>
>
> SSH:     128 bits, 32 hex chars
> GPG:     160 bits, 40 hex chars
> OTR:     160 bits, 40 hex chars
> TACK:    125 bits, 25 base32 chars (RFC 4648)
> Bitcoin: 200 bits, 34 base58 chars (160 bits hash + version/checksum)
>
> There's also some fingerprint innovations that aren't widespread:
>  - Zooko's z-base32
>  - "Hash extension" from RFC 3972 to squeeze more bits into a smaller
> fingerprint
>  - Phonetic alphabets like the PGPfone wordlist
>
> Anyways, these are somewhat large strings for users to handle, so it
> seems worth trying to streamline the experience and reduce error-rates
> due to soundalike or lookalike characters as much as we can.
>
> I'm a little surprised I can't find more useability research here, except for:
>  - https://blog.crypto.cat/2014/01/cryptocat-at-the-openitp-dc-hackathon
>  - https://moderncrypto.org/mail-archive/curves/2014/000011.html
>
> Are there other studies?  Are there any "best practices" emerging?
>

Hm. You might find some interesting references in the paper that
introduced the SSH "randomart" scheme. The paper is called "Hash
Visualization: a New Technique to Improve Real-World Security" and
contains a bunch of interesting ideas.

I agree with you that the UX of public-key validation can be improved
vastly. The comment on the cited cryptocat blog post about the word
"fingerprint" terrifying users is also interesting.

More information about the Messaging mailing list