[Freedombox-discuss] identicons are not strong crypto [was: Re: Tap-to-share PGP key exchange]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Sep 30 16:17:15 UTC 2011
On 09/30/2011 11:09 AM, Alex Stapleton wrote:
This link seems to come up often when talking about fingerprint
comparisons. I am not convinced it is a good idea from a cryptographic
I think identicons would succeed in providing a simple way to
automatically visually distinguish two different-yet-cooperating parties.
I have yet to see any analysis showing that an attacker couldn't coerce
the digested data to create an identicon that most normal humans would
consider to be a "match".
Good for easy visual distinction between cooperating parties is not the
same thing as a strong cryptographic assurance against a malicious
In particular, i'm quite dubious of any web site with claims like the
>> Of course, in this situation, the security minded person would use an
>> automated MD5 checksum checker rather than manually confirming the
>> binary. But do you trust your md5 checksum checker? A quick visual
>> confirmation would be a nice additional vote of confidence in this
If you don't trust your md5 checksum utility, why do you trust your png
renderer (or your display controller, or your operating system, etc)?
Identicons are a neat idea, but without a lot more defensively-oriented
analysis, they're not something to be used in a critical context like
strong establishment of identity.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1030 bytes
Desc: OpenPGP digital signature
More information about the Freedombox-discuss