[messaging] Useability of public-key fingerprints

Moxie Marlinspike moxie at thoughtcrime.org
Wed Jan 29 21:21:45 PST 2014

On 01/29/2014 04:32 PM, Trevor Perrin wrote:
> I'm a little surprised I can't find more useability research here, except for:
>  - https://blog.crypto.cat/2014/01/cryptocat-at-the-openitp-dc-hackathon
>  - https://moderncrypto.org/mail-archive/curves/2014/000011.html
> Are there other studies?  Are there any "best practices" emerging?

In the context of messaging, regardless of how a fingerprint is
presented, my sense is that the entire concept makes no sense to the
bulk of users.

Go to a "crypto party" and watch the faces of participants when the
facilitators demonstrate exchanging fingerprints.  Faces tend to start
at bland confusion, until about 15 seconds into the facilitator reading
random hex digits aloud, at which point they evolve to a distinct "what
the fuck?"

Subsequent questions tend to include things like "wait, what's the
difference between a key and a fingerprint?" There's no great reason a
person who wants to send messages should need to know that.

My intuition is that we just shouldn't be showing the user a fingerprint
at all if even remotely possible (TOFU).  If it's necessary to display a
real fingerprint at some point, the user isn't going to have any idea
what's going on, so it probably doesn't matter whether it's a set of
gibberish words, a hex string, or b32 character string.

SAS might be a different story in very specific contexts, but it's
likely a non-starter in the case of async messaging.

- moxie


More information about the Messaging mailing list