[messaging] Useability of public-key fingerprints
Trevor Perrin
trevp at trevp.net
Thu Jan 30 10:17:14 PST 2014
On Thu, Jan 30, 2014 at 5:06 AM, Ximin Luo <infinity0 at pwned.gg> wrote:
>
> However, I don't think we'll ever get rid of *all* fps. So we should try to improve these as well. These are two distinct topics, there is no conflict.
Yeah, I mostly agree with how Moxie frames this [1]:
(A) Most people will never check or understand public-key
fingerprints, so we need something more automatic (eg TOFU and/or
trusted infrastructure)
(B) Those users who *are* motivated to deal with fingerprints will be
motivated enough to make them work whether 25 or 40 chars, base32 or
base16, etc.
But I disagree with Moxie's conclusion that it's not worth improving
useability. If we can make the UX for (B) easier and less error-prone
we should do so.
--
Someone offlist pointed out a couple studies that are a bit relevant,
though not focused on fingerprints:
http://www.cypherpunks.ca/~iang/pubs/otr_userstudy.pdf
http://cups.cs.cmu.edu/soups/2009/proceedings/a11-kainda.pdf
--
People brought up formats designed for visual or spoken presentation:
- SSH randomart
- PGPfone, S/Key, or Koremutake wordlists
I share Daniel's skepticism about randomart and Robert's skepticism
about wordlists [2,3].
These schemes don't seem like much of an improvement over alphanumeric
text, even in their chosen domain. And they're much more awkward
outside it (speaking a randomart, or fitting, say, 20 words into a
text field).
--
If we're back to text, there's still things to explore:
* Nathan points out vanity hashes used for Tor hidden services, where
someone varies the to-be-hashed data and does trial hashing until they
find a fingerprint that encodes their name or a value they like the
look of [2].
That idea of spending more cycles up-front to search for a "better"
fingerprint is pretty interesting. You could do it a couple ways:
(1) Search for a hash value that starts with, say, 20 bits of zeros,
then don't encode them in your fingerprint (as the receiver can assume
them). This fits a larger effective fingerprint into a smaller one,
so you need fewer chars.
(2) Search for a value that encodes into a base32 fingerprint with an
alternation of vowels and consonants, on the theory that our brains
can "chunk" pronounceable sounds more easily (?)
* Robert suggests using irregular-sized groups of characters instead
of fixed-length groups to make it harder for people to get confused
about which group they're transcribing or speaking. That seems novel
and easy to try.
* Alphabet selection is another question. I like base32, but the
RFC 4648 version is what people have in libraries, and the 'l' is an
unfortunate lowercase character in a lot of fonts...
Trevor
[1] https://moderncrypto.org/mail-archive/messaging/2014/000011.html
[2] https://moderncrypto.org/mail-archive/messaging/2014/000013.html
[3] https://moderncrypto.org/mail-archive/messaging/2014/000010.html
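
Option (1) above, sketched as an added example that is not part of the original message: the sender trial-hashes until the digest starts with a run of zero bits, displays only the bits that follow, and the receiver re-checks the omitted zeros. SHA-256, the 8-byte counter appended to the key, the 80 displayed bits and all function names are assumptions made for illustration.

```python
import base64
import hashlib

ZERO_BITS = 12   # the message suggests ~20; kept small here so the search is fast
SHOWN_BITS = 80  # bits encoded in the displayed fingerprint (assumed; multiple of 40)


def _digest_int(pubkey: bytes, counter: int) -> int:
    # Hash the key together with a counter the sender is free to vary.
    h = hashlib.sha256(pubkey + counter.to_bytes(8, "big")).digest()
    return int.from_bytes(h, "big")


def _shown(value: int, zero_bits: int, shown_bits: int) -> str:
    # Take the shown_bits that follow the implied zero prefix and base32 them.
    chunk = (value >> (256 - zero_bits - shown_bits)) & ((1 << shown_bits) - 1)
    raw = chunk.to_bytes(shown_bits // 8, "big")
    return base64.b32encode(raw).decode().lower()


def search(pubkey: bytes, zero_bits: int = ZERO_BITS, shown_bits: int = SHOWN_BITS):
    """Sender side: trial-hash until the digest starts with zero_bits zeros."""
    counter = 0
    while _digest_int(pubkey, counter) >> (256 - zero_bits):
        counter += 1
    return counter, _shown(_digest_int(pubkey, counter), zero_bits, shown_bits)


def verify(pubkey, counter, fingerprint, zero_bits=ZERO_BITS, shown_bits=SHOWN_BITS):
    """Receiver side: the omitted zeros must be checked, not just assumed."""
    value = _digest_int(pubkey, counter)
    if value >> (256 - zero_bits):
        return False  # prefix is not all zero: reject even if shown chars match
    return _shown(value, zero_bits, shown_bits) == fingerprint.lower()


if __name__ == "__main__":
    key = b"constructed-sample-public-key"  # constructed input, not a real key
    ctr, fp = search(key)
    print(ctr, fp, verify(key, ctr, fp))
```

The counter has to travel with the public key so the receiver can recompute the digest. Someone trying to match the 16-character fingerprint with a different key must also hit the zero prefix, so the comparison covers ZERO_BITS + SHOWN_BITS bits of the hash.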