[messaging] Let's run a usability study (was Useability of public-key fingerprints)

Trevor Perrin trevp at trevp.net
Thu Feb 13 14:01:35 PST 2014

On Thu, Feb 13, 2014 at 6:06 AM, Tom Ritter <tom at ritter.vg> wrote:
> On 12 February 2014 04:19, Trevor Perrin <trevp at trevp.net> wrote:
>>> Some of the places where I see fingerprints continuing to be useful
>>> far into the future:
>>>  - Business Cards. My key is at <this url> and the fingerprint is [field]
>>>  - You are handed a new device and {don't have access to your database
>>> of trusted fingerprints/need to accomplish work, quickly}. Your
>>> contact sends you a <OTR message/pgp-signed message/whatever>. Do you
>>> recognize this fingerprint?
>>>  - "Here, SSH into my server, I set you up an account." "Is <this> the
>>> SSH fingerprint?" "Uh.... yea I recognize that."
>> Interesting that your 2nd and 3rd cases involve recognizing a
>> fingerprint from long-term memory.  That's a hard use case for
>> fingerprints.  At most I'd expect a user to remember a few bytes,
>> which isn't a secure check.
> It is a hard use case - but it happens to me regurally. I doubt I'm
> the only one who in the real world is pressured to complete work
> quickly and not delay by forcing either colleagues or clients to walk
> back to their desk/pick up the phone and verify a fingerprint.

People have trouble remembering a small number of low-entropy
passwords that they choose.  Asking them to remember a high-entropy
fingerprint (visual or otherwise) for everyone they communicate with
seems totally impractical.

Here's how I think your cases get handled:

"You are handed a new device..."
 * If you're borrowing someone's device you'll get whatever key
authentication it's doing (based on their contact list, or online
lookups).  If they don't have an existing contact or way of looking up
the key for someone, and you don't have some copy of that fingerprint
to compare against, then you don't get key authentication.
 * If you're switching from one device you own to another then you'll
sync your contact database.

"Here, SSH into my server..."  Translated to messaging this is: "Here,
email this guy..."  "Is <this> his PGP key?".  If I have a phone or
laptop handy, I can pull up his fingerprint from my contacts database
and we can compare it.  Otherwise, you do TOFU, or look the key up
somewhere else, or I tell you later.

>> The main use case I see is comparing two fingerprints, one on your
>> screen for your communication partner, and one you're checking against
>> (from a phone call, a slip of paper, a friend's screen, a webpage,
>> etc.)
> I think that's a common use case, the one I would put that is slightly
> more common is I need to check a fingerprint against nothing. I have a
> signed email, or I have an email I'm about the encrypt, or I have a
> new instant message and I need to figure out if this fingerprint is
> genuine.  I *could* go google for a web page to assert validity that
> way (or query that PGP-in-DNS thing) - but that's asking too much of a
> regular user.  We should remember this use case.

If you have nothing to check against it doesn't get checked, so
fingerprint useability is irrelevant, right?  Your app just does TOFU
or online lookup...

>>> Besides Trevor's examples:
>>> Here are some already made:
>>>  - Identicons:
>>> http://haacked.com/archive/2007/01/22/Identicons_as_Visual_Fingerprints.aspx/
>>>  - Monsters: http://www.splitbrain.org/projects/monsterid
>>>  - Wavatars: http://www.shamusyoung.com/twentysidedtale/?p=1462
>>>  - Unicorns (really)
>>> http://meta.stackoverflow.com/questions/37328/my-godits-full-of-unicorns
>>> Here are some more ideas:
>>>  - A spirograph
>>>  - A color pattern, a gradient
>>>  - A floral pattern, or flannel, etc
>>>  - A geometric plot on a Cartesian graph
>>>  - A geometric plot on a globe (potentially limited to landmasses and
>>> ignoring oceans)
>> I agree with dkg's skepticism of visual fingerprints [1].  They're
>> less flexible than text which can be handwritten or verbalized.  I
>> don't know any studies showing they're effective.
> Do we know studies saying that PGP fingerprints are effective?


>> And the main
>> argument seems to be that they make it easy to notice that unrelated
>> fingerprints are different.  But that's easy even with text!
> I disagree. In the context that visual fingerprints would be used
> (that is, every time you X, you see the fingerprint) I'm going to
> suggest that detections _can_ be detected by ordinary users, while a
> textual fingerprint in the same situation would not.

Well, it's good we have a testable disagreement.

I only say this cause I like you, but I think this is crazy...  You're
proposing presenting a unique-per-correspondent 100ish-bits-of-entropy
image to users every time they communicate, on the hopes they sink
into the user's memory.

Then during the occassional case when they're looking at a new device
you expect them to remember *EXACTLY* what the corresponding image is,
and not get fooled by a "fuzzy match" constructed by someone who could
do, say, 2^70 searching.

I'm skeptical about "fuzzy matches" fooling people in side-by-side
comparison.  But I bet they'd be very effective against someone trying
to recall one of hundreds of these things from long-term memory.
("Tom's fingerprint was a spiky pink thing, I think?  Or was that
Moxie?  That red-swirly thing looks familiar, it's probably right, I

There's research on using images for "security questions", or
anti-phishing "security images" that banks show.  I think you're
arguing by analogy with that.

But these have rate-limiting on guesses and/or are secret, so they can
be chosen from a very low entropy space.

But asking users to deal with a large number of images, which
attackers can see and perform extensive offline search to "match", is
very different.


More information about the Messaging mailing list