[messaging] Test Data for the Usability Study

Christine Corbett Moran corbett at alum.mit.edu
Mon May 26 03:13:05 PDT 2014


it's a bit hackish but a simple pass would be to use nltk
here's an example gist out there on getting pronunciation
https://gist.github.com/ConstantineLignos/1219749

two words "sound alike" if they have some specified edit distance between
their two pronunciations. e.g. one phone apart, or some more complicated
measure.

C


On Mon, May 26, 2014 at 11:55 AM, Michael Rogers
<michael at briarproject.org>wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 26/05/14 01:15, Tom Ritter wrote:
> > Third: Figure out how to approximate an attacker who can perform
> > 2^80 calculations in the 'weird' cases.  For a 32-character hex
> > fingerprint, a 2^80 attacker can match 20 characters.
> >
> > Weird Case 1: An attacker matches the beginning and end parts of
> > the fingerprint to try and trick someone doing a visual compare.
> > Clearly, matching the beginning and ending 10 characters exactly is
> > harder than matching any 20. but how much harder? Would a match of
> > the beginning and ending 8 characters correctly characterize a 2^80
> > attacker?
>
> As I've mentioned before, I don't think we can make a fair comparison
> of 'weird' attacks across fingerprint representations.
>
> Having said that... a 2^80 attacker can match 20 characters at chosen
> positions. I don't know how to calculate how many characters a 2^80
> attacker could match at unchosen positions, but it seems to me that it
> would depend on the number of positions, i.e. the length of the
> fingerprint.
>
> > Weird Case 2: An attacker tries the match the fingerprint by
> > pronunciation to try and trick someone doing a vocal compare.
> > Again, matching 20 characters exactly and making the remaining 12
> > 'sound alike' is harder than just matching 20. Would an attacker
> > getting 28 characters to 'sound alike' and have the rest match
> > exactly approximate a 2^80 attack?
>
> We don't even have a metric for 'sound alike', so this question isn't
> well-founded.
>
> Cheers,
> Michael
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQEcBAEBCAAGBQJTgw+IAAoJEBEET9GfxSfMF08H+wWrntqdVbKp34QbtcQoGe4W
> uCKggnCp1rJvWqcJ8V/FaOpOqvneXPL1ttl4TWn+hA1p+7tObz8R9gQDrtdqrdrH
> 9E4tOSLrCtGpGL9p8kAGfEHIzoXi4lTZO6dLiolI6VR7KgiKjHsBA61wWpYtfVyK
> i7vL/k7H+vi1HqnfwptRNet9gzC5bFZauSnMp+/Zc/pYd5ucQpbABBA+8vETaC7R
> IeX1fQChREgxVD2UURclr2EqLHBSVbSxtGeKtHuENkyI8VljwKYJe3mMmnkMhsLS
> hdnOjjKN8lYSCSh7maxWfIPSqfchC9FmOUDq+6qhhVOxaSC/QvIhTidsGRpq074=
> =UIW+
> -----END PGP SIGNATURE-----
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140526/6493cecd/attachment.html>


More information about the Messaging mailing list