GnuPG patch: long fingerprints using PGP biometric word lists
Detlef Lannert
lannert-gpgspam at lannert.rz.uni-duesseldorf.de
Mon Mar 5 20:05:04 CET 2001
On Mon, Mar 05, 2001 at 09:14:16AM +0100, Matthias Urlichs wrote:
> > Some of the words appear to be cumbersome to pronounce for non-native
> > speakers.
>
> Probably. But that's not important, as the idea is that both partners
> have the word list in front of them and are just verifying that the
> words are the same. Whether I pronounce "chambermaid" correctly or
> not doesn't matter.
Many folks with a poor command of English won't know how "guidance"
is spelled or how "breadline" or "scenic" should be pronounced.
> > I'm not sure if this whole idea is a good one.
> >
> Well, it's better (faster, less error-prone) than reading a long hex
> digit string.
As a compromise you could convert the fingerprint into a base-26
number coded as letters and pronounced according to the "Alpha-Bravo-
Charly" alphabet already mentioned in this thread. OK, that's still
35 words instead of 20 with the NAI wordlist (or 40 hexadecimal
digits). But the words are well-known to far more people around the
world. And they are shorter.
For example:
$ spellhex.py -s FEEE 7DED 702A 3498 285E 4F0A 8DF0 83D4 F802 DF18
Bravo Delta Lima Hotel Zulu
Uniform Golf Mike Romeo Golf
Papa November Oscar Uniform Kilo
Charly Whisky Delta Delta X-ray
Uniform Yankee Yankee Bravo Yankee
Echo Bravo Foxtrott Echo Tango
Bravo November Charly India India
$ spellhex.py -x BDLHZ UGMRG PNOUK CWDDX UYYBY EBFET BNCII
FEEE 7DED 702A 3498 285E 4F0A 8DF0 83D4 F802 DF18
(Program: <http://starship.python.net/crew/lannert/spellhex.py>.)
> > The word list is probably copyrighted by NAI.
This one isn't.
The question still remains whether "Bravo Delta Lima ..." works
much better than "Foxtrott Echo Echo Echo, Seven Delta Echo ...".
Detlef
More information about the Gnupg-devel
mailing list