[messaging] "Pseudoword" base32 fingerprints

Joseph Bonneau jbonneau at gmail.com
Wed Feb 5 15:09:38 PST 2014 

Good project idea Trevor. There are a lot of related tools which aim to
make random pronounceable passwords. Two for Linux are:

pwgen: zae7IiB7 phoosu1U Hu5meed8 aeY4eeGu oht6ax9M aD4taur4 Ohpai5sh
sheiGah8
apg: odripAbag6 (o-drip-Ab-ag-SIX) AzMykUpt3opo (Az-Myk-Upt-THREE-op-o)

There's also a whole zoo of online tools:
http://www.hongkiat.com/blog/password-generators/

In general, I think it would nice to have a library for turning random bits
into "human-friendly form". This might include a tradeoff for
length/painlessness, but we would also surely get different results if we
optimize for:
a) easy for humans to spot differences
b) easy for humans to pronounce/hear/type
c) easy for humans to remember

We would also probably end up with a different algorithm for different
language populations...

There's a really a lot here. It might be worthwhile as a first step just to
enumerate the possible design constraints.

Cheers

Joe



On Wed, Feb 5, 2014 at 2:16 PM, Trevor Perrin <trevp at trevp.net> wrote:

> Based on some ideas from the "Useability of public-key fingerprints"
> thread, I wrote code that searches for base32 fingerprints with a lot
> of vowel/consonant transitions, on the theory that they would resemble
> words and thus be easier to deal with.  For example, these were found
> in a few seconds:
>
>     gacuqk - aqoq - ecsag - biza - sjebre
>
>     oltmad - yaye - gekiw - vebu - wiveld
>
>     faketn - ejor - osohe - 2naw - aqafet
>
>
> Compare to (SSH/PGP/OTR):
>
>
>     43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8
>
>     7213 5CAA EA6B 0980 126A  0371 8373 DD15 4D42 48BD
>
>     C4E40F71 A92175F8 597A29A7 CB7E0943 B27014FF
>
>
> I think I'm liking this, though I don't yet understand its expected
> search times, possible optimizations, or whether there are better
> scoring algorithms...
>
> Anyways, feedback welcome! -
>
> https://github.com/trevp/keyname
>
>
> Trevor
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140205/9befc906/attachment.html>

More information about the Messaging mailing list