GnuPG patch: long fingerprints using PGP biometric word lists

Rohan Talip Rohan_Talip at email.com
Sun Mar 4 20:24:01 CET 2001 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I was using PGP Freeware 6.5.8 for Windows last year and liked the long
format that it had for fingerprints.  This is from the help text and user
guide:

  The word list in the fingerprint text box is made up of special
  authentication words that PGP uses and are carefully selected to be
  phonetically distinct and easy to understand without phonetic ambiguity.
  The word list serves a similar purpose as the military alphabet, which
  allows pilots to convey information distinctly over a noisy radio
  channel.

  But the military alphabet has 26 words, each word representing one
  letter.  For our purposes, our list has 256 carefully selected
  phonetically distinct words to represent the 256 possible byte values of
  0 to 255.

  The safest way to check a fingerprint is to call the person and have
  them read the fingerprint to you over the phone and compare it to the
  fingerprint on your copy of their public key.


In my patch, the diff is between gnupg-1.0.4p1 (GnuPG 1.0.4 plus the
security patch,
ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.security-patch1.diff)
and gnupg-1.0.5rc1 (GnuPG 1.0.5 release candidate 1, as I think it is
time for a new version of GnuPG, which includes the security patch and my
attached patch).

Here is the signature for the attached patch:

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5rc1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEABECAAYFAjqikLYACgkQjfCD1PgC3xjI3QCg7C0eWv5cedY3uEAawbx7DGh3
ZdAAoO9Mlnvp3pi0yEhApm3i8bMnsHiR
=bAN3
- -----END PGP SIGNATURE-----


(My GnuPG key can be found on http://www.keyserver.net)


I have also attached a PNG image of PGP Freeware 6.5.8 displaying my
fingerprint in PGP biometric words, the signature for which is here:

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5rc1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEABECAAYFAjqikEQACgkQjfCD1PgC3xhR5gCfVP4vHWr5Y2BQZQRQG71N52IJ
PmwAoKQx8IOqTGDv/zHpE7JSnSzmfcMq
=kcrw
- -----END PGP SIGNATURE-----


I have added some new options to gpg:
"-f" short for "--fingerprint", which already existed
"-F" short for "--long-fingerprint"
"-l" short for "--list-keys"


The fingerprint for my public key in PGP biometric words as reported by
gpg:

gnupg-1.0.5rc1/bin rohan at tsunami%1 ./gpg -F Rohan
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
pub  1024D/F802DF18 2000-11-23 Rohan Talip <Rohan_Talip at email.com>
     Key fingerprint = FEEE 7DED 702A 3498 285E  4F0A 8DF0 83D4 F802 DF18
                       woodlark   universe       klaxon     unify
                       guidance   chambermaid    choking    narrative
                       breadline  finicky        dropper    Apollo
                       optic      upcoming       Mohawk     souvenir
                       Vulcan     aftermath      talon      borderline
sub  2048g/5C130AAB 2000-11-23


The GnuPG 1.0.5rc1 (1.0.5 release candidate 1) version string was chosen
to explicitly give the above warning, until such time as Werner Koch
chooses to release a proper new version.

The biometric words in the fingerprint are meant to be read left to right,
as in normal English prose.

The biometric words used can be found at the end of the PGP Freeware 6.5.8
Users Guide.  I wish I had found them before I started this sub-project; I
should have Read The Fine Manual (RTFM).  I actually spent quite a long
time downloading public keys from http://www.keyserver.net with particular
bytes in the fingerprints, just so I could get a complete list of words.

Anyway, at least I verified that the words in the PGP Freeware 6.5.8 Users
Guide _really_ are the ones that are displayed; in a pair of bytes from a
fingerprint, the left byte is used as an index into the list
of 2 syllable words and the right byte is used as an index into the list
of 3 syllable words.

I hope people find the patch useful.

Regards,

Rohan

- --
Email:  Rohan_Talip at email.com    GnuPG/PGP key on http://www.keyserver.net
GnuPG/PGP fingerprint: FEEE 7DED 702A 3498 285E 4F0A 8DF0 83D4 F802 DF18

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjqilhQACgkQjfCD1PgC3xil7QCgvE313eyQDmaHVyN/o7mfKNVb
WiwAn0QLKs8IKsuTmBDaI/dLQ6ieKhJB
=/gfv
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnupg-1.0.4p1-patch-1.0.5rc1.gz
Type: application/octet-stream
Size: 7254 bytes
Desc: gnupg-1.0.4p1-patch-1.0.5rc1.gz
Url : /pipermail/attachments/20010304/68dd5099/gnupg-1.0.4p1-patch-1.0.5rc1.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: biometric_words_fingerprint.png
Type: image/png
Size: 3630 bytes
Desc: biometric_words_fingerprint.png
Url : /pipermail/attachments/20010304/68dd5099/biometric_words_fingerprint.png

More information about the Gnupg-devel mailing list