[Freedombox-discuss] Tap-to-share PGP key exchange

Boaz alt.boaz at gmail.com
Sat Oct 1 14:19:41 UTC 2011


On 09/30/2011 12:17 PM, Daniel Kahn Gillmor wrote:
> On 09/30/2011 11:09 AM, Alex Stapleton wrote:
>> http://haacked.com/archive/2007/01/22/Identicons_as_Visual_Fingerprints.aspx
>
> This link seems to come up often when talking about fingerprint
> comparisons.  I am not convinced it is a good idea from a cryptographic
> standpoint.
>
> I think identicons would succeed in providing a simple way to
> automatically visually distinguish two different-yet-cooperating parties.
>
> I have yet to see any analysis showing that an attacker couldn't coerce
> the digested data to create an identicon that most normal humans would
> consider to be a "match".
>
> Good for easy visual distinction between cooperating parties is not the
> same thing as a strong cryptographic assurance against a malicious
> impersonator.

Hmm, I'm not sure exactly what the author of the linked page had in
mind, but what immediately came to my mind when I read it was this:

Make a standardized set of 256 images.  They should be pretty,
memorable, and very distinct from each other visually.  For now, I'll
call them hexicons.  Each hexicon can now represent 8 bits, or 2
hexadecimal characters.  You know exactly which hexicon image
represents which 8 bit binary string because that's standardized.

Now, binary strings (like for example key fingerprints) can be
represented on a user's screen in terms of hexicons.  In this way,
comparing a 4 by 5 grid of hexicons is, in terms of cryptographic
security, exactly equivalent to comparing a 40 character hexadecimal
string, but perhaps is a less monotonous task (I'd rather look at a
collage of pleasing images than a paragraph of nonsense letters and
numbers, wouldn't you?).

This is similar to what's been done with the PGP word list (
https://secure.wikimedia.org/wikipedia/en/wiki/PGP_word_list ).


I'm so excited about what's come out of this discussion specifically,
and all the discussion on this list about QR code fingerprint
verification generally.

My view is that the best approach (by far) is:

QR code fingerprint verification + local wireless whole certificate transmission

but that

1. QR code fingerprint verification + keyserver whole certificate lookup
and
2. local wireless whole certificate transmission + hexicon grid
fingerprint verification

should also be supported options.


On 09/30/2011 04:09 PM, Daniel Kahn Gillmor wrote:
> PS There's still a minor gap here, for a motivated and skilled attacker
> who can control the airwaves: they can make it so the user gets the
> peers' key, but gets a different set of OpenPGP certifications on it.
> The key fingerprint alone wouldn't let users ascertain that all the
> associated certifications were correctly transferred.
>
> however, users are going to need to refresh their keys at some point
> anyway to get updated certifications, revocations, changes in expiry,
> etc.  So this is just another instance of that situation.  If you really
> wanted to be sure that the entire key+certifications packet collection
> made it through, you could have the QRCode contain two lines instead of
> one, something like:
>
>  OPENPGPFPR4: 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
>  X-OPENPGP-PACKETS-SHA1: 2A1AC9A4AE0A62AADA8A05015B96FFC1BD1FB31A

I'm not sure I understand the problem correctly, but if I do, could
the solution be as simple as including only a single hash of the
entire key+certifications packet collection, thereby securely
verifying everything without needing to increase the amount of data on
the QR code?


> it's twice as much data to fit in the QR code (which makes capturing a
> bit more finicky), but maybe that's a tradeoff people could make.

In my opinion, making the system more finicky is not an acceptable
trade-off, ever.  People don't use technological systems because
they're secure, they use them because they just work.


I have a dream:

That our app will become the preferred method of exchanging email
address and phone number among mainstream smartphone users.  The key
fingerprint will be in there almost as an afterthought.

Everyone will use our app because it's slightly more convenient than
scribbling a name, email address, and phone number on a scrap of
paper.  But quietly, in the background, our app will also be expanding
the PGP WOT to span global mainstream society.


Boaz
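
The two-line QR payload proposed in the quoted text above, checked against a received certificate. This is an added example, not part of the original message or of any FreedomBox code. The function names are hypothetical, the fingerprint follows the OpenPGP v4 definition in RFC 4880, and the sample packets are constructed (the certification bodies are placeholders, not real signatures).

```python
import hashlib

def first_packet(data):
    """Return (tag, body) of the first OpenPGP packet (RFC 4880, section 4.2)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if hdr & 0x40:                                   # new-format header
        tag, l0 = hdr & 0x3F, data[1]
        if l0 < 192:
            start, length = 2, l0
        elif l0 < 224:
            start, length = 3, ((l0 - 192) << 8) + data[2] + 192
        else:
            raise ValueError("longer length forms are not handled here")
    else:                                            # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        start = 1 + (1 << ltype)
        length = int.from_bytes(data[1:start], "big")
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_fingerprint(cert):
    """SHA-1 over 0x99, a two-octet length and the primary key packet body."""
    tag, body = first_packet(cert)
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet first")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def qr_payload(cert):
    return ("OPENPGPFPR4: %s\nX-OPENPGP-PACKETS-SHA1: %s"
            % (v4_fingerprint(cert), hashlib.sha1(cert).hexdigest().upper()))

def check_transfer(qr_text, cert):  # -> (key matches, whole packet collection matches)
    qr = dict(l.strip().split(": ", 1) for l in qr_text.strip().splitlines())
    return (v4_fingerprint(cert) == qr["OPENPGPFPR4"].upper(),
            hashlib.sha1(cert).hexdigest().upper() == qr["X-OPENPGP-PACKETS-SHA1"].upper())

# Constructed sample data: a toy key packet plus placeholder certification bodies.
_pkt = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body
KEY = _pkt(6, b"\x04" + bytes(4) + b"\x01" + b"\x00\x08\xc5" + b"\x00\x02\x03")
UID = _pkt(13, b"Alice <alice@example.org>")
SENT = KEY + UID + _pkt(2, b"constructed certification A")
SWAPPED = KEY + UID + _pkt(2, b"constructed certification B")
print(check_transfer(qr_payload(SENT), SENT), check_transfer(qr_payload(SENT), SWAPPED))
```

The swapped collection passes the fingerprint check and fails only the packet hash, which is the gap the second QR line is meant to close.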