randomart is troubling [was: Re: QR code]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 19 21:56:47 CET 2012

On 01/19/2012 02:23 PM, Hans-Christoph Steiner wrote:
> - we are not claiming randomart is tried and true
> - we are not replacing standard manual fingerprint verification

thanks, i'm glad to hear this.

> The standard manual fingerprint verification procedure is easy to mess up.  If a fingerprint is off by one digit, how many users to do you think will catch that error?  How about off by a few?  

Sure, agreed!  See the link i posted about fuzzy fingerprint attacks.
humans suck at this kind of thing in general, which is why wordfinds and
"find the difference" puzzles are considered challenging.

> Our current idea is something like this:
> - the software is geared towards smartphones with cameras
> - the fingerprint verification screen shows the standard hex fingerprint, the QR Code version, and the randomart image
> - users scan each other's QR code to get the fingerprint
> - they will then validate each others' fingerprints by looking at the QR code, the hex string and the randomart image

if your goal is just experimentation, this seems like a fine approach.

in practice, though, i suspect regular humans will either be so
overwhelmed by the range of choices that they'll just click "OK", or
they'll decide to focus specifically on the one that seems
simplest/easiest for them.  I wouldn't be surprised if that turned out
to also be the one that offers the least collision resistance,

If we want something to be secure for regular users, it should offer
them one simple and secure method, preferably not involving anything
like a "find the difference" puzzle (and yes, i'm including hex-string
matching in that set).  That's the advantage of the QR approach --
direct machine-to-machine comparison with any (sighted) human being able
to tell if there's an MITM going on.

> We could also throw in the random words technique you mentioned above, can you recommend a library?

you might have noticed that i *wasn't* recommending short strings of
random words.  if you're interested in longer strings, there are several
existing implementations of that idea, including:


i don't think either of these supports a C shared library, though.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120119/dc422308/attachment-0001.pgp>

More information about the Gnupg-devel mailing list