GnuPG patch: long fingerprints using PGP biometric word lists

Werner Koch wk at
Mon Mar 5 09:06:04 CET 2001

On Sun, 4 Mar 2001, Florian Weimer wrote:

> Some of the words appear to be cumbersome to pronounce for non-native
> speakers.  I'm not sure if this whole idea is a good one.

Given that we currently have support for 13 native languages, I
can't see a way to agree on one common set of keywords.  And having
translations of them may render the whole thing meaningless.  Even
the Alpha, Bravo,... Zulu alphabet is not easy to pronounce in all
languages but it is widely used and therefore a reasonable way to
spell the hex digits.

I also ask myself what sense does such a wordlist make:  If you have
such a noisy (phone) channel how can you recognize the voice of the
one at the other end?  How do you authenticate the phone connection? 
Checking fingerprints over phone can only be done with someone you
really know, say I can do this with my wife or other near relatives.

> The word list is probably copyrighted by NAI.

And that is a show stopper.

Rohan, I know that you have put a lot of work into that wordlist and
we should see where we can use it elsewhere - what about writing a
small program which just takes a list hexdigits and then spells
those using your wordlist - it can then even be used with gpg.



Omnis enim res, quae dando non deficit, dum habetur
et non datur, nondum habetur, quomodo habenda est.
                                      -- Augustinus

More information about the Gnupg-devel mailing list