[messaging] Useability of public-key fingerprints

Trevor Perrin trevp at trevp.net
Thu Jan 30 10:17:14 PST 2014 

On Thu, Jan 30, 2014 at 5:06 AM, Ximin Luo <infinity0 at pwned.gg> wrote:
>
> However, I don't think we'll ever get rid of *all* fps. So we should try to improve these as well. These are two distinct topics, there is no conflict.


Yeah, I mostly agree with how Moxie frames this [1]:

 (A) Most people will never check or understand public-key
fingerprints, so we need something more automatic (eg TOFU and/or
trusted infrastructure)

 (B) Those users who *are* motivated to deal with fingerprints will be
motivated enough to make them work whether 25 or 40 chars, base32 or
base16, etc.

But I disagree with Moxie's conclusion that it's not worth improving
useability.  If we can make the UX for (B) easier and less error-prone
we should do so.

--

Someone offlist pointed out a couple studies that are a bit relevant,
though not focused on fingerprints:

http://www.cypherpunks.ca/~iang/pubs/otr_userstudy.pdf
http://cups.cs.cmu.edu/soups/2009/proceedings/a11-kainda.pdf

--

People brought up formats designed for visual or spoken presentation:
 - SSH randomart
 - PGPfone, S/Key, or Koremutake wordlists

I share Daniel's skepticism about randomart and Robert's skepticism
about wordlists [2,3].

These schemes don't seem like much of an improvement over alphanumeric
text, even in their chosen domain.  And they're much more awkward
outside it (speaking a randomart, or fitting, say, 20 words into a
text field).

--

If we're back to text, there's still things to explore:

 * Nathan points out vanity hashes used for Tor hidden services, where
someone varies the to-be-hashed data and does trial hashing until they
find a fingerprint that encodes their name or a value they like the
look of [2].

That idea of spending more cycles up-front to search for a "better"
fingerprint is pretty interesting.  You could do it a couple ways:

(1) Search for a hash value that starts with, say, 20 bits of zeros,
then don't encode them in your fingerprint (as the receiver can assume
them).  This fits a larger effective fingerprint into a smaller one,
so you need fewer chars.

(2) Search for a value that encodes into a base32 fingerprint with an
alternation of vowels and consonants, on the theory that our brains
can "chunk" pronounceable sounds more easily (?)


 * Robert suggests using irregular-sized groups of characters instead
of fixed-length groups to make it harder for people to get confused
about which group they're transcribing or speaking.  That seems novel
and easy to try.


 * Alphabet selection is an another question.  I like base32, but the
RFC 4648 version is what people have in libraries, and the 'l' is an
unfortunate lowercase character in a lot of fonts...


Trevor


[1] https://moderncrypto.org/mail-archive/messaging/2014/000011.html
[2] https://moderncrypto.org/mail-archive/messaging/2014/000013.html
[3] https://moderncrypto.org/mail-archive/messaging/2014/000010.html

More information about the Messaging mailing list