[messaging] Useability of public-key fingerprints

Ximin Luo infinity0 at pwned.gg
Wed Jan 29 18:24:35 PST 2014

On 30/01/14 00:32, Trevor Perrin wrote:
> SSH:      43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8
> GPG:      7213 5CAA EA6B 0980 126A  0371 8373 DD15 4D42 48BD
> OTR:      C4E40F71 A92175F8 597A29A7 CB7E0943 B27014FF
> TACK:     g5p5x.ov4vi.dgsjv.wxctt.c5iul
> Bitcoin:  31uEbMgunupShBVTewXjtqbBv5MndwfXhb
> SSH:     128 bits, 32 hex chars
> GPG:     160 bits, 40 hex chars
> OTR:     160 bits, 40 hex chars
> TACK:    125 bits, 25 base32 chars (RFC 4648)
> Bitcoin: 200 bits, 34 base58 chars (160 bits hash + version/checksum)
> There's also some fingerprint innovations that aren't widespread:
>  - Zooko's z-base32
>  - "Hash extension" from RFC 3972 to squeeze more bits into a smaller
> fingerprint
>  - Phonetic alphabets like the PGPfone wordlist

There's a common UI principle that says people can remember 7 (5-9) "things" at once well, where things is some sort of coherent unit. This is consistent with my own personal experience comparing fps.

Visually, I definitely find PGP and OTR fps easier to compare than SSH fps, OTR probably marginally more so, since I can hold 8 characters in my head at once. My eyes go something like this:

screen: C4E40F71->A92175F8  597A29A7->CB7E0943  B27014FF
           ^         |         ^         |         ^
           |         v         |         v         |
paper : C4E40F71  A92175F8->597A29A7  CB7E0943->B27014FF

which I think is the optimum since it reduces "seek time" for your eyes, given a limited "buffer" of characters that you can remember at once. It now takes probably less than 5 seconds for me to do this, after a fair bit of practise (maybe ~100 reps?).

I haven't had much practise comparing TACK or Bitcoin fps, but I imagine that TACK would be even easier than OTR. The separators are massively helpful and vital in my opinion if you expect people to visually compare them. SSH goes a bit overboard though, going past the "5-9" range.

Verbally, I haven't tried doing this. I guess the same principle would apply, and the S/Key (OPIE) dictionary thing that Nate posted seems interesting. It would be interesting to come up with a scheme that is easy to compare both verbally and visually. FWIW, I imagine I'd find it easier to remember 7 spoken random words, than 7 written random words, which is an asymmetry I can't quite explain.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 880 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140130/15a375e3/attachment-0001.sig>

More information about the Messaging mailing list