[messaging] Audible public-key fingerprints

Arne Renkema-Padmos renkema.padmos at gmail.com
Tue Aug 19 21:09:24 PDT 2014

Interesting link to the digital voice project. I also found this
related work some days ago:

Loud and Clear: Human-Verifiable Authentication Based on Audio

As an alternative to audible communication you could also try
ultrasound, but I'm not sure how well that works quality wise.
Regarding end-user agency in determining when their device broadcasts
their signal: if you don't want broadcasting to happen all the time
(very understandable), then you probably want some kind of explicit
action from the user (tap button, gesture, wiggle phone in a certain
way, etc), or some implicit action (e.g. wearables that detect the
performing of a handshake: http://zenodo.org/record/11163).

As already noted, the "fun" factor might also play a role in going for
audible fingerprints, but how do you keep it fun the 20th time that you're
pairing devices?

About communication of the fingerprint over the phone: maybe JackPair
has some relevant insights?

Arne Padmos

On Tue, Aug 19, 2014 at 12:53 AM, Tony Arcieri <bascule at gmail.com> wrote:
> On Mon, Aug 18, 2014 at 3:49 PM, Tom Ritter <tom at ritter.vg> wrote:
>> If you're going to make a proactive step to exchange contact
>> information, your options are Audio, NFC, and Bluetooth.
> Or something like QR codes.
> I tend to take this view of QR codes:
> http://www.dotdisruption.com/wp-content/uploads/2014/05/qr-code-flow-chart.jpg
> ...but it might actually be the lesser of all evils here. With something
> like Curve25519/Ed25519, a QR code alone should be sufficient to transfer a
> public key.
> --
> Tony Arcieri
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging

More information about the Messaging mailing list