[clug] request for comment: new keysigning protocol

Nemo Maelstrom Thorx nemo at nemo.house.cx
Sun Feb 7 22:58:19 MST 2010

On Mon, Feb 08, 2010 at 03:14:37PM +1100, Alex Satrapa did utter:
> On 08/02/2010, at 13:17 , Nemo Maelstrom Thorx wrote:
> > Oh, good points. I wonder if there is (or would be a usefully large
> > market for) a font specifically designed so that no characters are
> > subsets of any other, and all similar characters have relatively clear
> > distinguishing features.
> You could try representing the signature as a series of words instead, or generate a picture:
> http://softlab-pro-web.technion.ac.il/projects/ImageBasedAuthentication/html/Description.htm

I'm no security expert, but my first thoughts (in devil's advocate mode
too I should note) ... 

* any derived from the key is a step removed - which is another step
where the impossibility of collisions needs be verified. This alone
would make me wary. 

* However, the example given is pretty ugly. Surely something prettier
be obtained via identicon or similar means

* Such a visual means would have to be B+W printer compatible for key
signery goodness (= harder to avoid colisions?)

Perhaps a combination of the above? Words, pictures, icons? I fear that
it would only add bling and the illusion of ease however, without any
actual additional security. 

Really, it boils down to:
Is it worth using a pattern derived from the key, just to leverage the
brain's visual pattern matching ability?

I quite like the idea, but I'm not convinced it'd be worth the effort to
find a method which is cryptographically sound


  ------------------------------------------ --------------------------
                                                    earth native

More information about the linux mailing list