Passphrase in addition to Fingerprint

Mon Jul 8 23:15:01 CEST 2013

Hi

Thanks for finding this idea. It is similar but not the same. The old
idea you found is a cool trick for reading out loud the fingerprint.

What I want is to create a short phrase that you can not get out of your
mind. This is similar to the tricks these memory performers use to
remember a phone book.

This way I can verify the keys of my friends just be meeting them on the
streets without business cards.

Also good for phone verification.

Disadvantage could be the small "key space". But even if it is worse
than the fingerprint verification, it is lots better than nothing.

Thorsten Sick

Am Montag, den 08.07.2013, 13:07 -0400 schrieb Daniel Kahn Gillmor:
> On 07/08/2013 12:05 PM, Thorsten Sick wrote:
> > The normal Fingerprint is hard to remember and must be exchanged using a
> > printed out version. It would be cool to also have an easy to remember
> > fingerprint phrase calculated out of the Fingerprint.
> > 
> > "twenty annoying green elephants dance in china"
> > 
> > Where a small change in the fingerprint changes the whole phrase and the
> > sentence has at least some natural structure. To achieve that use
> > bulding blocks with word lists. So the "twenty annoying" is from a long
> > list also containing "two hundred", "2 drunken", ...
> > The sentence could split like that into building blocks:
> > "twenty annoying| green| elephants| dance| in china"
> > 
> > People should be able to remeber their "passphrase" and when meeting
> > they jsut could ask "what was you phrase again" "five aggressive
> > penguins attack harmless hamsters" ?
> > 
> > See this bug at:
> > https://sourceforge.net/p/enigmail/bugs/152/
> 
> Paul Wise brought this up recently:
> 
> http://bonedaddy.net/pabs3/log/2013/06/28/openpgp-fingerprint-exchange/
> 
> and pointed toward this (older) specification:
> 
> https://en.wikipedia.org/wiki/PGP_word_list
> 
> does this match what you're asking about?
> 
> 	--dkg
> 