[clug] request for comment: new keysigning protocol

Kevin Pulo kev at pulo.com.au
Mon Feb 8 21:04:11 MST 2010


On Mon, Feb 08, 2010 at 03:58:19PM +1000, Nemo Maelstrom Thorx wrote:

> Perhaps a combination of the above? Words, pictures, icons? I fear that
> it would only add bling and the illusion of ease however, without any
> actual additional security. 
> 
> Really, it boils down to:
> Is it worth using a pattern derived from the key, just to leverage the
> brain's visual pattern matching ability?

Absolutely.  Text is already a visual representation of information.
The only real advantage it has over everything else is our familiarity
with it.  If you want to be able to look at two key fingerprints and
decide something about them, you're going to need to represent them
visually.

The trick is to do it in such a way that the event organiser can print
out many copies, while each person brings their own trusted copy of
their fingerprint in the same format.

I'm imagining a "font" which is 16 "pixels" high by 1 "pixel" wide, so
that each of 0-F has its own unique and non-overlapping "character"
(ie. bottom pixel = 0, top pixel = F), and no horizontal space between
characters.  Actually you'd want 18 high, so that you could have the
top and bottom-most pixels always on, to prevent vertical displacement
attacks (eg. the dodgy key has a fingerprint in which each digit is
+-1 the real key).  Also a solid vertical line at the start and end,
to fully box up the fingerprint.  The fingerprint is now a kind of
visual "barcode", so that having one of the comparison fingerprints on
a transparency and in a different colour is sufficient.

The final problem then is ensuring that the supplied "barcode" that
you are comparing is actually valid (ie. only one pixel "on" in each
column).  Thin horizontal grid lines every 2 or 4 pixels would
probably help with that, and aid in translating the image back to an
alphanumeric fingerprint if there are any about a fingerprint.

Which also makes me wonder if the ascii-art key fingerprints used by
OpenSSH these days might also be essentially the same thing and
therefore suitable for this sort of thing...

Kev.

-- 
.----------------------------------------------------------------------.
| Kevin Pulo                Quidquid latine dictum sit, altum viditur. |
| kev at pulo.com.au               _ll l_ng__g_e_ _r_ hi__ly p__d_ct__le. |
| http://www.kev.pulo.com.au/         God casts the die, not the dice. |
`--------------- Linux: The choice of a GNU generation. ---------------'
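
Added example (not part of the original post): a Python sketch of the 18-row fingerprint "barcode" described in the message above, with the one-pixel-per-column validity check and a column-wise overlay comparison. The function names, the '#' pixel character and the sample fingerprint are constructed for illustration.

```python
HEIGHT = 18  # 16 data rows plus always-on guard rows at top and bottom
SAMPLE = "0F1E2D3C4B5A6978"  # constructed fingerprint fragment, not a real key

def render(fingerprint):
    """Return the barcode as 18 strings, top row first, '#' = pixel on."""
    digits = [int(c, 16) for c in fingerprint.replace(" ", "")]
    width = len(digits) + 2  # solid vertical line at start and end
    grid = [[" "] * width for _ in range(HEIGHT)]
    for row in grid:
        row[0] = row[-1] = "#"
    grid[0] = ["#"] * width
    grid[-1] = ["#"] * width
    for i, d in enumerate(digits):
        grid[HEIGHT - 2 - d][i + 1] = "#"  # bottom data pixel = 0, top = F
    return ["".join(row) for row in grid]

def decode(rows):
    """Check the barcode is valid, then translate it back to hex digits."""
    if len(rows) != HEIGHT or len({len(r) for r in rows}) != 1:
        raise ValueError("expected 18 rows of equal width")
    if set(rows[0] + rows[-1]) != {"#"}:
        raise ValueError("top or bottom guard row is broken")
    if any(r[0] != "#" or r[-1] != "#" for r in rows):
        raise ValueError("start or end line is broken")
    out = []
    for col in range(1, len(rows[0]) - 1):
        on = [r for r in range(1, HEIGHT - 1) if rows[r][col] != " "]
        if len(on) != 1:  # the validity rule: exactly one pixel per column
            raise ValueError(f"column {col}: {len(on)} pixels on")
        out.append(format(HEIGHT - 2 - on[0], "X"))
    return "".join(out)

def mismatched_columns(a, b):
    """Overlay two barcodes and list the columns where they disagree."""
    if [len(r) for r in a] != [len(r) for r in b]:
        raise ValueError("barcodes differ in size")
    return [c for c in range(len(a[0]))
            if any(ra[c] != rb[c] for ra, rb in zip(a, b))]

if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
    print(decode(render(SAMPLE)))
```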