[messaging] Let's run a usability study (was Useability of public-key fingerprints)

Christine Corbett Moran corbett at alum.mit.edu
Thu Mar 13 00:14:40 PDT 2014

I actually do prefer the monsters or unicorns > identicons

>From a usability perspective, making verifying fingerprints (collecting a
zoo of monsters or unicorns) isn't such a bad idea and having some
attachment to your personal fingerprint.

The only concern is I think any imagery may be more difficult to have
fidelity to the original fingerprint vs. something more algorithmic looking
such as the Identicon.

In that sense, if users are scared of "fingerprint" we could also call it
something like a "cryptographic avatar"


On Thu, Mar 13, 2014 at 7:52 AM, Trevor Perrin <trevp at trevp.net> wrote:

> On Wed, Mar 12, 2014 at 11:18 PM, Tom Ritter <tom at ritter.vg> wrote:
>> On 11 March 2014 00:41, Trevor Perrin <trevp at trevp.net> wrote:
>> > Fingerprint Types
>> >  - Visual and poetry fingerprints seem worth including.
>> Does anyone have a preference for type of visual fingerprint?  Some of
>> the implementations I know of are:
>>  - Identicons:
>> http://haacked.com/archive/2007/01/22/Identicons_as_Visual_Fingerprints.aspx/
>>  - Monsters: http://www.splitbrain.org/projects/monsterid
>>  - Wavatars: http://www.shamusyoung.com/twentysidedtale/?p=1462
>>  - Unicorns (really)
>> http://meta.stackoverflow.com/questions/37328/my-godits-full-of-unicorns
>> I think I will go with identicons unless anyone really thinks unicorns
>> is better ;)
> I think this is the most referenced:
> "Hash Visualization: a New Technique to improve Real-World Security"
> https://sparrow.ece.cmu.edu/group/pub/old-pubs/validation.pdf
> As far as poetry goes, I think I missed that, couldn't see it in
>> archives either.  Is there a reference to what poetry fingerprints
>> would look like?  Is it significantly different from english words?
> https://moderncrypto.org/mail-archive/messaging/2014/000125.html
>> > Modulating Speed
>> >  - For the "Spoken Aloud" test, why not just have pairs of subjects
>> compare
>> > the fingerprints by speaking to each other?
>> Is the idea here to make the speed at which fingerprints are read
>> variable, but out of the control of the experiement conductor, so it's
>> variable in a "simulating the real world" sense?
> Yeah, it seems like a more realistic test, since it allows subjects to
> come up with clever strategies to communicate things (e.g. a phonetic
> alphabet), or stumble over things (accents, getting confused over where
> they are in the char sequence, etc.)
> > Error Rates
>> >  - I'm not sure about the '"One Subtle Flaw" case, because the
>> fingerprints
>> > have different notions of "tokens" so this will be hard to compare
>> between
>> > formats.  Also, it doesn't model a realistic attacker.
>> I agree it doesn't model a real attacker, but I thought it might help
>> us draw conclusions better.  Instead of just saying "Most users are
>> not fooled by a 2^80 match", perhaps we can say "If users actually
>> verify fingerprints, most are not fooled by any unmatching bytes."
>> Across the spectrum of unmatching bytes (from all bytes unmatching to
>> no bytes unmatching) test points along the spectrum to see if there's
>> a dropoff.  Granted we're only testing a couple points, but it seemed
>> this was a good point on the spectrum.
> Maybe, though I still think it's less useful than considering plausible
> attacks, so I wouldn't put that test as a high priority.
> Trevor
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140313/00677c4a/attachment.html>

More information about the Messaging mailing list