[messaging] Useability of public-key fingerprints
Trevor Perrin
trevp at trevp.net
Thu Jan 30 17:50:16 PST 2014
#1 d1:bc:df:32:a2:45:2e:e0:96:d6:a1:7c:f5:b8:70:8f
#2 ba:06:7f:d2:b9:74:a8:0a:13:cb:a2:f7:e0:10:59:a0
On Thu, Jan 30, 2014 at 4:34 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Trevor Perrin <trevp at trevp.net> writes:
>
>>(A) Most people will never check or understand public-key fingerprints, so we
>>need something more automatic (eg TOFU and/or trusted infrastructure)
>
> See for example "Do Users Verify SSH Keys?" (Abstract: "No"),
> https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf.
>
>>(B) Those users who *are* motivated to deal with fingerprints will be
>>motivated enough to make them work whether 25 or 40 chars, base32 or base16,
>>etc.
>
> They'll be motivated enough to do some checking, but given result from work on
> fuzzy fingerprints (referenced in the above article) no-one but the most
> singularly OCD will actually do the check properly, i.e. rigorously check all
> 40 characters for every key they deal with.
You're referring to the THC tool, which Daniel also mentioned.
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.121.5679&rep=rep1&type=pdf
I'm including its examples from the paper and Jon Erickson's book
(compare #1 at the top and bottom of this email, and #2). They're
pretty easy to tell apart, IMO.
But I dunno, maybe I'm wrong. My larger point is that I wish there
were actual user studies and serious research on these questions. And
if that doesn't exist, maybe we should try to encourage it...
Trevor
#1 d6:b7:df:31:aa:55:d2:56:9b:32:71:61:24:08:44:87
#2 ba:06:7e:b2:64:13:cf:0f:a4:69:17:d0:60:62:69:a0
More information about the Messaging
mailing list