[Freedombox-discuss] identicons are not strong crypto [was: Re: Tap-to-share PGP key exchange]

The Doctor drwho at virtadpt.net
Mon Oct 3 17:13:46 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/30/2011 12:17 PM, Daniel Kahn Gillmor wrote:

> I have yet to see any analysis showing that an attacker couldn't
> coerce the digested data to create an identicon that most normal
> humans would consider to be a "match".

Sort of like this?

http://www.thc.org/papers/ffp.html

I am surprised that no one has brought up bubble-babble fingerprints
yet (https://secure.wikimedia.org/wikipedia/en/wiki/Bubble_Babble) or
a randomart depiction
(http://superuser.com/questions/22535/what-is-randomart-produced-by-ssh-keygen).

- -- 

The Doctor [412/724/301/703]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"Perpugilliam Brown to airlock three, Perpugilliam Brown to airlock
three.."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6J7UoACgkQO9j/K4B7F8FJWQCdHCKQxnLJuiCfWNSG+5ppv6jw
ZsYAn128LIlbwU+smfJ6A9WcaQ3DYrPK
=brKR
-----END PGP SIGNATURE-----



More information about the Freedombox-discuss mailing list