[FEATURE REQ, RFC],
improving ergonomic HMI fingerprint cross verification
David Shaw
dshaw at jabberwocky.com
Fri Jul 16 21:35:50 CEST 2004
On Fri, Jul 16, 2004 at 06:58:28PM +0200, Thomas Schorpp wrote:
> and since the most people due to my surveys got most problems using
> cryptographic systems apps and only few problems communicating a
> little set of english words correctly, a us-english default for this
> held out of gnupgs localisation translations should be
> acceptable(?).
I don't think this would work. The whole point of using a word list
instead of hex letters is to make things easier and more secure. A
non-English speaker is going to have some serious problems reading a
word list like that. I'd argue that this is actually harder and less
secure than just reading the hex fingerprint.
Even people who don't speak a word of English can read hex.
> law question: will i violate nai's and patents rights in
> implementing this or other usuable "biometric form" in gnupg?
Maybe. I expect that the word list was purchased by the pgp.com folks
when the bought the rights to PGP a few years back. I do not know if
they have any restrictions on the list (trademark or copyright, since
I doubt a list of words is patentable, though the technique of word
lookup might be, despite the s/key prior art).
David
More information about the Gnupg-devel
mailing list