randomart is troubling [was: Re: QR code]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 19 19:44:06 CET 2012


On 01/19/2012 01:25 PM, Hans-Christoph Steiner wrote:
> About randomart display of fingerprints, we really like the idea as it
> is implemented in OpenSSH.
> Most people will find it much easier to compare little pictures rather
> than hex strings.
> Indeed many people will be quite intimidated by the sight of a long hex
> string in their app.
> So the idea is to incorporate the randomart image into the fingerprint
> validation process.

I'm unconvinced by these arguments.  People might feel more comfortable
"comparing pictures" than "comparing hex strings", but that doesn't say
anything about the actual collision-resistance of the pictures
(especially in the context of the heuristic- and idiosyncrasy-ridden
human visual apparatus).

Most people would also feel more comfortable comparing shorter strings
that were pronounceable (e.g. it says "cat dog zebra" -- does yours say
"cat dog zebra"?); but we don't do that because those shorter strings
don't have enough entropy to be collision-resistant in the way that we
need fingerprints to be.

Can you point me to studies that show actual resistance to malicious
attack against "randomart" approaches?  Fingerprints themselves are
subject to attacks against common human mental idiosyncrasies:

  http://www.thc.org/papers/ffp.html

My instincts suggest that visual image comparison is at least as "fuzzy"
as (probably more so than) string comparison, even if people find it more
comfortable.

We don't do anyone a good service by introducing insecure steps in a
critical stage of the verification process.

It would be better to just get the human out of the loop entirely if the
opaque data is beyond human capacity to deal with (which is the idea
behind the QR code stuff, aiui).

Are there good arguments for randomart?  I'd like to hear them if there are.

	--dkg
