[messaging] Let's run a usability study (was Useability of public-key fingerprints)
drt24+messaging at cam.ac.uk
Mon Mar 24 02:57:29 PDT 2014
In terms of visual hashes I asked Nicholas Wilson about them as he
did an investigation of them a year or so ago and I think came to the
conclusion that they weren't useful.
Some of his comments follow:
> The problem ultimately was that people aren't as visual as we think we
> are. We can spot things like "lion", or "tree" very well, but even
> with perfectly memorable images (ie non-random, visually distinctive
> ones like stuff pulled from flickr) we just can't remember enough
> detail from the picture - according to one study, we zone out at a
> detail level of around 2^32 at best, 2^24 practically.
> Identicons are a catastrophe for cryptographic use - there's no way an
> average person can distinguish more than 2^20 different polygonal
> pictures. Given one picture, it's not hard to make a key whose
> fingerprint has the roughly the same polygons and colours. Do not use!
> Similarly I think the OpenSSH art is highly susceptible to producing
> almost-duplicate splodges. Certainly nowhere near as good as
> https://github.com/thevash/vash which is the best (has many
> improvements over Andrej Bauer's original solution).
> My best attempt was "stacking" various pictures, eg requiring the user
> to remember a grid of five images taken from a flickr-derived
> database. That's good, but I'd still be surprised if it's all that
> resistant to brute-forcing.
> Ultimately, word-based visualisations are the best I could find. I
> suggest Oren Tirosh's mnemonicode. Remembering 64 bits without error
> is very easy. Our brains are best at taking in the bits when they're
> done as a sequence. Here's a 64-bit sequence: "Albert studio giant.
> Nevada safari Asia." It can be written down too, which is very nice
> (images certainly can't), and as proof it's easy to remember you don't
> even have to glance between the screen and the paper.
I can chase up citations if that would be useful.
On 23/03/14 17:21, Tom Ritter wrote:
> About a week late, but updated:
> Some of the larger Open Questions:
> - Are we settled on unicorns? (This is more about how it's generated:
> - We have two participants speaking fingerprints aloud to each other.
> Do we want them to do it over a cell phone to add difficulty, or just
> omit that bit?
> - We're settled on not trying to do a head-fake?
> On 13 March 2014 09:29, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>> On 03/13/2014 02:18 AM, Tom Ritter wrote:
>>> On 11 March 2014 00:41, Trevor Perrin <trevp at trevp.net> wrote:
>>>> Fingerprint Types
>>>> - Visual and poetry fingerprints seem worth including.
>>> Does anyone have a preference for type of visual fingerprint? Some of
>>> the implementations I know of are:
>>> - Identicons: http://haacked.com/archive/2007/01/22/Identicons_as_Visual_Fingerprints.aspx/
>>> - Monsters: http://www.splitbrain.org/projects/monsterid
>>> - Wavatars: http://www.shamusyoung.com/twentysidedtale/?p=1462
>>> - Unicorns (really)
>>> I think I will go with identicons unless anyone really thinks unicorns
>>> is better ;)
>> i think for all of the above, we're going to have a difficult time
>> designing credible similarity metrics that roughly match the metrics
>> used by the "fuzzy fingerprinting" work.
>> i do ♥ the unicorns though.
> Messaging mailing list
> Messaging at moderncrypto.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 901 bytes
Desc: OpenPGP digital signature
More information about the Messaging