[messaging] Useability of public-key fingerprints

[Nate Lawson]

On Jan 29, 2014, at 4:32 PM, Trevor Perrin <trevp at trevp.net> wrote:

> Some crypto apps let users inspect the public-key hash (aka
> "fingerprint") of the other party, so that it can be compared with a
> value received through a different channel (phone call, business card,
> online directory or website, etc.)
> ...
> SSH:     128 bits, 32 hex chars
> GPG:     160 bits, 40 hex chars
> OTR:     160 bits, 40 hex chars
> TACK:    125 bits, 25 base32 chars (RFC 4648)
> Bitcoin: 200 bits, 34 base58 chars (160 bits hash + version/checksum)
> 
> There's also some fingerprint innovations that aren't widespread:
> - Zooko's z-base32
> - "Hash extension" from RFC 3972 to squeeze more bits into a smaller
> fingerprint
> - Phonetic alphabets like the PGPfone wordlist

I’m not aware of any usability studies, but I always liked the S/Key (OPIE) dictionary. It did 11 bits/word encoding.

http://tools.ietf.org/html/rfc2289#appendix-D

Note that all of these schemes are based on the classic encoding problem in information theory. You have a restricted set of symbols (and maybe grammar for sets of symbols), a noisy channel, and you desire the minimal message size.

I’ve built home-grown pseudo-word generators this way. Based on where you are in the tree, there are a variable number of possibilities for the next symbol output. Decoding traverses the same paths, shifting out one or more bits at each position. Since the input is usually pseudorandom unrelated values, you can’t gain much by adapting the model for repeated exchanges between the same parties.

-Nate