[messaging] between fingerprint transcription and comparison

Stefan Birgmeier e0725468 at student.tuwien.ac.at
Mon Mar 10 10:08:11 PDT 2014

On 10/03/14 17:44, Daniel Kahn Gillmor wrote:
> Hi folks--
>
> Thinking about Tom's proposed usability testing gave me another idea for
> a fingerprint comparison UI, which i wanted to float here.  It might be
> a terrible idea.
>
> I think we all agree that fingerprint transcription is more effective at
> avoiding a false match than comparison with "click OK" -- but
> transcription is also more tedious, prone to human error, and more time
> consuming.
>
> I wonder if it's possible to split the difference from a UI/UX
> perspective somehow.
>
> For example, if the application knows that the user is in a use case
> where the user is trying to compare the current connection's fingerprint
> with something they have received out of band, rather than displaying
> the actual fingerprint received on the wire, the UI could display
> several candidate fingerprints and have them choose the correct one from
> the set, like a police lineup.  This could even be done more than once,
> with the "correct" print listed in each of them (or with "the
> fingerprint is not listed here" as an option).
>
> Care would have to be taken to present only subtle variations, or to
> include the "not listed here" option with greater regularity, or to
> present several pages of different choices so that people have to
> consider each of them.  We want to avoid the "oh, it's the one that
> starts with 6" response.
>
> Do you think this UX would be an improvement over either "click OK
> comparison" or complete transcription?  Could we make it less tedious
> than transcription, but more secure than "click the OK button to get
> this out of my way and let me get to work" experience?
>
> What kind of security properties would this hybrid UX have?
>
> 	--dkg

Maybe split the fingerprint into several parts (like 4), and do as 
suggested with the parts? That would maybe make it less tedious. It also 
makes it more suitable for mobile devices since the screens are not that 
wide. Your proposal sounds good for mobile devices - you do not have to 
use a virtual keyboard to type in the fingerprint while avoiding the 
let's-just-click-ok scenario.
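
One way to model the lineup idea from this thread together with the four-part split, as an added example that is not code from either poster or from any messaging project. All function names, the sample fingerprint, the four candidates plus "not listed here", the two-character decoys and the 25% chance of leaving the real part out are assumptions.

```python
import secrets

HEX = "0123456789ABCDEF"
NOT_LISTED = "not listed here"
_rng = secrets.SystemRandom()
SAMPLE_FP = "3F1A 9C04 7B2E D581 60AF  E2C9 48B7 1D36 A05C 9E42"  # constructed

def split_fingerprint(fp, parts=4):
    """Normalise a hex fingerprint and cut it into equal-sized parts."""
    fp = "".join(c for c in fp.upper() if c in HEX)
    if not fp or len(fp) % parts:
        raise ValueError("fingerprint length must be a multiple of parts")
    size = len(fp) // parts
    return [fp[i:i + size] for i in range(0, len(fp), size)]

def make_decoy(chunk, changes=2):
    """Subtle variation: alter `changes` characters, never the first one."""
    chars = list(chunk)
    for pos in _rng.sample(range(1, len(chars)), changes):
        chars[pos] = _rng.choice([c for c in HEX if c != chars[pos]])
    return "".join(chars)

def build_lineup(chunk, size=4, p_absent=0.25):
    """Return (options, answer); answer is the real chunk or NOT_LISTED."""
    present = _rng.random() >= p_absent
    decoys = set()
    while len(decoys) < (size - 1 if present else size):
        decoys.add(make_decoy(chunk))
    options = list(decoys) + ([chunk] if present else [])
    _rng.shuffle(options)
    return options + [NOT_LISTED], (chunk if present else NOT_LISTED)

def verify(wire_fp, pick, parts=4):
    """Lineups come from the wire fingerprint; pick(index, options) is the user.
    A part repeats until a lineup that really contains it is answered
    correctly; lineups without it only test attention. Any miss fails."""
    for index, chunk in enumerate(split_fingerprint(wire_fp, parts)):
        while True:
            options, answer = build_lineup(chunk)
            if pick(index, options) != answer:
                return False
            if answer == chunk:
                break
    return True

def careful_user(oob_fp, parts=4):
    """A user who checks every option against their out-of-band copy."""
    mine = split_fingerprint(oob_fp, parts)
    return lambda i, options: mine[i] if mine[i] in options else NOT_LISTED
```

Because every lineup has exactly one right answer among five choices, a user who clicks at random passes all four parts with probability at most (1/5)^4.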

