Passphrase in addition to Fingerprint
Thorsten Sick
thorsten.sick at email.de
Tue Jul 9 19:11:28 CEST 2013
Hi Daniel
I am totally aware that the identifier will be weaker.
I was having the idea for a GUI, where the keys are marked by a traffic
light (red=not verified, yellow=phrase or similar, green = fingerprint
verification).
I think if the idea rises or lowers security is very dependend on the
way we explain to the average user what to expect from the encrypted
channel and how to improve it. Clicking on the yellow sign in front of a
signature/decrypted mail could tell the user: "Average security. You
verified the Phrase. To improve the security, check the fingerprint
<DEADBEEF0FED> by meeting the person and asking them if this is the
right one".
Passphrase verification is better than no verification at all.
So, the question for me is: Are there and use cases for end-users where
we can not display something like the traffic light indicating good but
not perfect verification ?
Security estimation:
Having a phrase built out of 5 sections, where each section has 100
options in a list it would be 100x100x100x100x100 different phrases =
10,000,000,000 . And I would take more than 100 options.
160 Bit Fingerprint: 1,461501637×10^48
Thorsten Sick
Am Dienstag, den 09.07.2013, 11:08 -0400 schrieb Daniel Kahn Gillmor:
> On 07/08/2013 05:15 PM, Thorsten Sick wrote:
> > Thanks for finding this idea. It is similar but not the same. The old
> > idea you found is a cool trick for reading out loud the fingerprint.
> >
> > What I want is to create a short phrase that you can not get out of your
> > mind. This is similar to the tricks these memory performers use to
> > remember a phone book.
> >
> > This way I can verify the keys of my friends just be meeting them on the
> > streets without business cards.
> >
> > Also good for phone verification.
> >
> > Disadvantage could be the small "key space". But even if it is worse
> > than the fingerprint verification, it is lots better than nothing.
>
> If you're talking about actually making a phrase that has significantly
> less entropy and encouraging people to use that in place of a
> fingerprint, i think that's a bad idea. It's bad enough that many
> people seem to think that their 8-character "short keyid" (the last 4
> octets of their fingerprint) is a strong identifier; it's not -- it
> takes an hour or so on cheap consumer hardware to find a colliding short
> keyid).
>
> We shouldn't be introducing new weak identifiers to a system that
> actually needs strong identifiers.
>
> --dkg
>
>
More information about the Gnupg-devel
mailing list