[messaging] Short Authentication String usability study
Tony Arcieri
bascule at gmail.com
Sat Dec 19 17:20:25 PST 2015
I know several people (including myself) who are fans of Short
Authentication Strings as used in the ZRTP voice call protocol, implemented
apps like RedPhone and Signal. The basic idea is to compute a value from
the shared secret, turn that value into words, and have the two parties
compare the words over a potentially insecure channel.
I was somewhat sad to see that they didn't seem to be very effective in the
only usability study I've seen on them:
http://www.technologyreview.com/news/544516/user-error-compromises-many-encrypted-communication-apps/
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20151219/e0388be2/attachment.html>
More information about the Messaging
mailing list