[FEATURE REQ, RFC],
improving ergonomic HMI fingerprint cross verification
dshaw at jabberwocky.com
Sun Jul 18 16:06:14 CEST 2004
On Sat, Jul 17, 2004 at 12:49:04AM -0400, Atom 'Smasher' wrote:
> On Fri, 16 Jul 2004, David Shaw wrote:
> > Incidentally, PGP has what their marketing calls "biometric"
> > fingerprints. This is just a word list so people don't have to read
> > out the hex fingerprint. For example, my key fingerprint is:
> > 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
> > But in "biometric" form, it is:
> > klaxon misnomer willow company
> > cleanup potato upset hurricane
> > drainage resistor python outfielder
> > suspense guitarist optic hideaway
> > prowler Capricorn bombast fortitude
> is that intended to solve a problem? or create new problems?
Clearly it's useful to someone, or it wouldn't be in the product.
Just because it is inappropriate for GnuPG, doesn't mean that it's
useless everywhere. I think the history of the word list originated
in pgpfone, where reading word lists via a somewhat-iffy voice
connection was considered safer than reading hex.
More information about the Gnupg-devel