GnuPG patch: long fingerprints using PGP biometric word lists

Detlef Lannert lannert-gpgspam at lannert.rz.uni-duesseldorf.de
Mon Mar 5 20:05:04 CET 2001


On Mon, Mar 05, 2001 at 09:14:16AM +0100, Matthias Urlichs wrote:
> > Some of the words appear to be cumbersome to pronounce for non-native
> > speakers. 
> 
> Probably. But that's not important, as the idea is that both partners
> have the word list in front of them and are just verifying that the
> words are the same. Whether I pronounce "chambermaid" correctly or
> not doesn't matter.

Many folks with a poor command of English won't know how "guidance"
is spelled or how "breadline" or "scenic" should be pronounced.

> > I'm not sure if this whole idea is a good one.
> > 
> Well, it's better (faster, less error-prone) than reading a long hex
> digit string.

As a compromise you could convert the fingerprint into a base-26
number coded as letters and pronounced according to the "Alpha-Bravo-
Charly" alphabet already mentioned in this thread. OK, that's still
35 words instead of 20 with the NAI wordlist (or 40 hexadecimal
digits). But the words are well-known to far more people around the
world. And they are shorter.

For example:
    $ spellhex.py -s FEEE 7DED 702A 3498 285E  4F0A 8DF0 83D4 F802 DF18
    Bravo Delta Lima Hotel Zulu
    Uniform Golf Mike Romeo Golf
    Papa November Oscar Uniform Kilo
    Charly Whisky Delta Delta X-ray
    Uniform Yankee Yankee Bravo Yankee
    Echo Bravo Foxtrott Echo Tango
    Bravo November Charly India India

    $ spellhex.py -x BDLHZ UGMRG PNOUK CWDDX UYYBY EBFET BNCII
    FEEE 7DED 702A 3498 285E 4F0A 8DF0 83D4 F802 DF18
    
(Program: <http://starship.python.net/crew/lannert/spellhex.py>.)

> > The word list is probably copyrighted by NAI.

This one isn't.

The question still remains whether "Bravo Delta Lima ..." works
much better than "Foxtrott Echo Echo Echo, Seven Delta Echo ...".

  Detlef



More information about the Gnupg-devel mailing list