[Freedombox-discuss] identicons are not strong crypto [was: Re: Tap-to-share PGP key exchange]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Oct 3 17:57:49 UTC 2011


On 10/03/2011 01:13 PM, The Doctor wrote:
> On 09/30/2011 12:17 PM, Daniel Kahn Gillmor wrote:
> 
>> I have yet to see any analysis showing that an attacker couldn't
>> coerce the digested data to create an identicon that most normal
>> humans would consider to be a "match".
> 
> Sort of like this?
> 
> http://www.thc.org/papers/ffp.html

This is a demonstration of an attack against humans' poor ability to
rigorously compare hexadecimal fingerprints.  I was asking for analysis
of comparable vulnerabilities of identicons or other graphical
representations.

I fully agree that there are problems with asking users to match
hexadecimal strings, but switching domains to something other than
hexadecimal strings without analysis of that other domain isn't the way
to solve the problem.

> I am surprised that no one has brought up bubble-babble fingerprints
> yet (https://secure.wikimedia.org/wikipedia/en/wiki/Bubble_Babble) or
> a randomart depiction
> (http://superuser.com/questions/22535/what-is-randomart-produced-by-ssh-keygen).

Is it even worth bringing these up?  The randomart produced by openssh
is a heinous kludge.  I have yet to hear a good argument for it or any
analysis of how resistant it is to "fuzzy" approximations (or humans'
ability to distinguish between similar "randomart" images, for that matter).

I'm not so sure about bubble-babble -- afaict, the advantage there is
the ability to transmit it by voice with reasonable fidelity over a
telephone.

----------

But the crux of the whole discussion is:

 0) To bootstrap the rest of the crypto stack, we need precise and
rigorous comparison of blobs of high-entropy data that are at least 160
bits long.

 1) Humans are bad at doing precise and rigorous comparison of
*anything*, worse when the data is high-entropy, and even worse with
large amounts of high-entropy data (160 bits is "large" for almost every
human I know).

----------

So either:

 A) We can try to solve the problem by shuffling the bits around into
different forms that we think *might* be more memorable and resistant to
fuzzy attack, or...

 B) We can try to let the humans do something humans are good at doing
(like examining and thinking about the physical world to ensure that a
physical link is intact), and let our machinery do the precise and
rigorous comparisons directly.

Given that we have such machinery available, and given the unlikelihood
of a radical shift in human mental practice and capacity, option B seems
like the better approach to me.

	--dkg
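An added illustration of points 0, 1 and option B above (example code written for this archive page, not from dkg's message or the FreedomBox project): the machine compares all 160 bits exactly, while a head-and-tail "eyeball" check is modelled only to count how few bits it verifies. The SHA-1 digest, the sample key bytes and the eyeball model are assumptions of the example.

```python
import hashlib
import hmac

FINGERPRINT_BITS = 160  # the minimum the thread says must be compared exactly


def fingerprint(key_material: bytes) -> bytes:
    """Full 160-bit digest of the key bytes received over the physical link.
    SHA-1 is used only because it yields 160 bits; the digest choice is an
    assumption of this example, not something the thread specifies."""
    return hashlib.sha1(key_material).digest()


def machine_compare(received: bytes, expected: bytes) -> bool:
    """Option B: the machinery checks every bit, in constant time."""
    return len(received) == len(expected) and hmac.compare_digest(received, expected)


def eyeball_compare(a_hex: str, b_hex: str, head: int = 4, tail: int = 4) -> bool:
    """A model of the fuzzy check the ffp paper exploits: glance at the first
    and last few hex digits and call it a match. Here only to measure it."""
    return a_hex[:head] == b_hex[:head] and a_hex[-tail:] == b_hex[-tail:]


def bits_checked(head: int, tail: int) -> int:
    """How many of the 160 bits a head/tail eyeball check actually verifies."""
    return 4 * (head + tail)


def near_miss(fp_hex: str, head: int = 4, tail: int = 4) -> str:
    """Constructed near-miss: same head and tail, every middle nibble inverted.
    This is not a collision search, just a fingerprint that differs from fp_hex
    everywhere an eyeball check does not look."""
    middle = fp_hex[head:len(fp_hex) - tail]
    flipped = "".join(format(15 - int(c, 16), "x") for c in middle)
    return fp_hex[:head] + flipped + fp_hex[len(fp_hex) - tail:]


# Constructed sample keys; in the tap-to-share setting these would be the bytes
# received over the physical link and the bytes the peer claims to have sent.
KEY_A = b"constructed key material A"
KEY_B = b"constructed key material B"

if __name__ == "__main__":
    fp_a = fingerprint(KEY_A)
    fake = near_miss(fp_a.hex())
    print("machine, same key:  ", machine_compare(fp_a, fingerprint(KEY_A)))
    print("machine, other key: ", machine_compare(fp_a, fingerprint(KEY_B)))
    print("eyeball, near miss: ", eyeball_compare(fp_a.hex(), fake))
    print("machine, near miss: ", machine_compare(fp_a, bytes.fromhex(fake)))
    print("bits an 8-digit glance checks:", bits_checked(4, 4), "of", FINGERPRINT_BITS)
```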
