[messaging] "Pseudoword" base32 fingerprints

Robert Ransom rransom.8774 at gmail.com
Wed Feb 5 18:02:06 PST 2014

On 2/5/14, Peter Eckersley <pde-lists at eff.org> wrote:
> I don't think the words necessarily need to be spelled out.  With some
> processing, couldn't you could remove all words from the list that have low
> edit distances from each other, thereby ensuring that (if both parties have
> the words in front of them) letter-by-letter transcription is unecessary?

No one can memorize a 65536-element set of words, either in the sense
of being able to reliably recognize that a word is in the set, or in
the sense of being able to find the ‘closest’ element of the set to a
given word.

Not all parties will be able to set up an interactive network
connection between their trusted computing devices while they are
communicating a key fingerprint.  Not all parties will have access to
error-detection or error-correction software for a particular
fingerprint representation, or to a textual description of the
fingerprint representation sufficient to detect or correct errors,
while they are receiving a key fingerprint.

Given those constraints, I still have no reason to change the opinion
that I stated in
base32 is the most efficient representation for any ‘cryptovariable’
which must be transmitted by voice.

Robert Ransom

More information about the Messaging mailing list