[messaging] "Pseudoword" base32 fingerprints
Robert Ransom
rransom.8774 at gmail.com
Wed Feb 5 18:02:06 PST 2014
On 2/5/14, Peter Eckersley <pde-lists at eff.org> wrote:
> I don't think the words necessarily need to be spelled out. With some
> processing, couldn't you could remove all words from the list that have low
> edit distances from each other, thereby ensuring that (if both parties have
> the words in front of them) letter-by-letter transcription is unecessary?
No one can memorize a 65536-element set of words, either in the sense
of being able to reliably recognize that a word is in the set, or in
the sense of being able to find the ‘closest’ element of the set to a
given word.
Not all parties will be able to set up an interactive network
connection between their trusted computing devices while they are
communicating a key fingerprint. Not all parties will have access to
error-detection or error-correction software for a particular
fingerprint representation, or to a textual description of the
fingerprint representation sufficient to detect or correct errors,
while they are receiving a key fingerprint.
Given those constraints, I still have no reason to change the opinion
that I stated in
<https://moderncrypto.org/mail-archive/messaging/2014/000010.html>:
base32 is the most efficient representation for any ‘cryptovariable’
which must be transmitted by voice.
Robert Ransom
More information about the Messaging
mailing list