[Freedombox-discuss] identicons are not strong crypto [was: Re: Tap-to-share PGP key exchange]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Sep 30 16:17:15 UTC 2011

On 09/30/2011 11:09 AM, Alex Stapleton wrote:
> http://haacked.com/archive/2007/01/22/Identicons_as_Visual_Fingerprints.aspx

This link seems to come up often when talking about fingerprint
comparisons.  I am not convinced it is a good idea from a cryptographic

I think identicons would succeed in providing a simple way to
automatically visually distinguish two different-yet-cooperating parties.

I have yet to see any analysis showing that an attacker couldn't coerce
the digested data to create an identicon that most normal humans would
consider to be a "match".

Good for easy visual distinction between cooperating parties is not the
same thing as a strong cryptographic assurance against a malicious

In particular, i'm quite dubious of any web site with claims like the

>> Of course, in this situation, the security minded person would use an 
>> automated MD5 checksum checker rather than manually confirming the 
>> binary. But do you trust your md5 checksum checker? A quick visual 
>> confirmation would be a nice additional vote of confidence in this 
>> scenario.

If you don't trust your md5 checksum utility, why do you trust your png
renderer (or your display controller, or your operating system, etc)?

Identicons are a neat idea, but without a lot more defensively-oriented
analysis, they're not something to be used in a critical context like
strong establishment of identity.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110930/9568bdc6/attachment.pgp>

More information about the Freedombox-discuss mailing list