[clug] request for comment: new keysigning protocol

Nemo Maelstrom Thorx nemo at nemo.house.cx
Mon Feb 8 23:45:42 MST 2010 

On Tue, Feb 09, 2010 at 03:04:11PM +1100, Kevin Pulo did utter:
> > 
> > Really, it boils down to:
> > Is it worth using a pattern derived from the key, just to leverage the
> > brain's visual pattern matching ability?
> 
> Absolutely.  Text is already a visual representation of information.
> The only real advantage it has over everything else is our familiarity
> with it.  If you want to be able to look at two key fingerprints and
> decide something about them, you're going to need to represent them
> visually.
> 
> The trick is to do it in such a way that the event organiser can print
> out many copies, while each person brings their own trusted copy of
> their fingerprint in the same format.
> 
> I'm imagining a "font" which is 16 "pixels" high by 1 "pixel" wide, so
> that each of 0-F has its own unique and non-overlapping "character"
> (ie. bottom pixel = 0, top pixel = F), and no horizontal space between
> characters.  Actually you'd want 18 high, so that you could have the
> top and bottom-most pixels always on, to prevent vertical displacement
> attacks (eg. the dodgy key has a fingerprint in which each digit is
> +-1 the real key).  Also a solid vertical line at the start and end,
> to fully box up the fingerprint.  The fingerprint is now a kind of
> visual "barcode", so that having one of the comparison fingerprints on
> a transparency and in a different colour is sufficient.
> 
> The final problem then is ensuring that the supplied "barcode" that
> you are comparing is actually valid (ie. only one pixel "on" in each
> column).  Thin horizontal grid lines every 2 or 4 pixels would
> probably help with that, and aid in translating the image back to an
> alphanumeric fingerprint if there are any about a fingerprint.
> 
> Which also makes me wonder if the ascii-art key fingerprints used by
> OpenSSH these days might also be essentially the same thing and
> therefore suitable for this sort of thing...
>

I imagined something not entirely unlike this:
http://www.omniglot.com/writing/betamaze.htm
...but with an eye optimising towards 16 characters, and not caring
about rotation... but this sort of visual clarity. 

I am being convinced... :)


.../Nemo

-- 
  ------------------------------------------ --------------------------
                                                    earth native

More information about the linux mailing list