[FEATURE REQ, RFC], improving ergonomic HMI fingerprint cross verification

David Shaw dshaw at jabberwocky.com
Sun Jul 18 16:06:14 CEST 2004


On Sat, Jul 17, 2004 at 12:49:04AM -0400, Atom 'Smasher' wrote:
> On Fri, 16 Jul 2004, David Shaw wrote:
> 
> > Incidentally, PGP has what their marketing calls "biometric"
> > fingerprints.  This is just a word list so people don't have to read
> > out the hex fingerprint.  For example, my key fingerprint is:
> >
> >    7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
> >
> > But in "biometric" form, it is:
> >
> >    klaxon         misnomer       willow         company
> >    cleanup        potato         upset          hurricane
> >    drainage       resistor       python         outfielder
> >    suspense       guitarist      optic          hideaway
> >    prowler        Capricorn      bombast        fortitude
> ==========================
> 
> is that intended to solve a problem? or create new problems?

Clearly it's useful to someone, or it wouldn't be in the product.
Just because it is inappropriate for GnuPG, doesn't mean that it's
useless everywhere.  I think the history of the word list originated
in pgpfone, where reading word lists via a somewhat-iffy voice
connection was considered safer than reading hex.

David



More information about the Gnupg-devel mailing list