[clug] request for comment: new keysigning protocol
Nemo Maelstrom Thorx
nemo at nemo.house.cx
Sun Feb 7 22:58:19 MST 2010
On Mon, Feb 08, 2010 at 03:14:37PM +1100, Alex Satrapa did utter:
> On 08/02/2010, at 13:17 , Nemo Maelstrom Thorx wrote:
>
> > Oh, good points. I wonder if there is (or would be a usefully large
> > market for) a font specifically designed so that no characters are
> > subsets of any other, and all similar characters have relatively clear
> > distinguishing features.
>
> You could try representing the signature as a series of words instead, or generate a picture:
> http://softlab-pro-web.technion.ac.il/projects/ImageBasedAuthentication/html/Description.htm
>
I'm no security expert, but my first thoughts (in devil's advocate mode
too I should note) ...
* any derived from the key is a step removed - which is another step
where the impossibility of collisions needs be verified. This alone
would make me wary.
* However, the example given is pretty ugly. Surely something prettier
could be obtained via identicon or similar means
http://en.wikipedia.org/wiki/Identicon
http://qureyoon.blogspot.com/2007/02/identifrac-unique-visual-identification.html
* Such a visual means would have to be B+W printer compatible for key
signery goodness (= harder to avoid collisions?)
Perhaps a combination of the above? Words, pictures, icons? I fear that
it would only add bling and the illusion of ease however, without any
actual additional security.
Really, it boils down to:
Is it worth using a pattern derived from the key, just to leverage the
brain's visual pattern matching ability?
I quite like the idea, but I'm not convinced it'd be worth the effort to
find a method which is cryptographically sound
.../Nemo
--
------------------------------------------ --------------------------
earth native
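
Added example, not part of the original message: a sketch of the "step removed" concern, comparing a reversible word encoding of a fingerprint with a lossy black-and-white identicon. The word list, the 5x5 mirrored grid, the SHA-256 derivation and the fingerprints are all constructed for illustration and are not taken from any real keysigning tool.

```python
import hashlib

# Constructed 16-word list: one word per 4-bit nibble, so nothing is lost.
WORDS = ["acid", "bold", "crab", "dusk", "echo", "fern", "gulf", "hawk",
         "iris", "jade", "kelp", "lamp", "moth", "nest", "opal", "pine"]

def to_words(fpr):
    """Lossless rendering: two words per byte, high nibble first."""
    return [WORDS[n] for b in fpr for n in (b >> 4, b & 0x0F)]

def from_words(words):
    """Inverse of to_words; its existence shows no bits were dropped."""
    nib = [WORDS.index(w) for w in words]
    return bytes((hi << 4) | lo for hi, lo in zip(nib[0::2], nib[1::2]))

def bw_identicon(fpr):
    """Lossy rendering: 5x5 B+W grid mirrored left-right, 15 free cells."""
    bits = int.from_bytes(hashlib.sha256(fpr).digest()[:2], "big") & 0x7FFF
    rows = []
    for r in range(5):
        left = [(bits >> (r * 3 + c)) & 1 for c in range(3)]
        cells = left + left[1::-1]  # columns 1 and 0 mirrored onto 3 and 4
        rows.append("".join("#" if c else "." for c in cells))
    return tuple(rows)

def first_identicon_clash(limit=2**15 + 1):
    """Walk constructed 20-byte fingerprints until two share an identicon.

    Only 2**15 distinct grids exist, so the default limit always finds one.
    """
    seen = {}
    for i in range(limit):
        fpr = hashlib.sha1(b"constructed-key-%d" % i).digest()
        icon = bw_identicon(fpr)
        if icon in seen:
            return seen[icon], fpr
        seen[icon] = fpr
    return None

if __name__ == "__main__":
    a, b = first_identicon_clash()
    print(a.hex(), b.hex(), sep="\n")
    print("\n".join(bw_identicon(a)))
    print("identicons equal:", bw_identicon(a) == bw_identicon(b))
    print("word forms equal:", to_words(a) == to_words(b))
```

The grid carries 15 bits of a 160-bit fingerprint, so any check based on it is only as strong as those 15 bits, while the 40-word form is as strong as the fingerprint itself but no shorter to compare.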