[Freedombox-discuss] identicons are not strong crypto [was: Re: Tap-to-share PGP key exchange]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Sep 30 16:17:15 UTC 2011
On 09/30/2011 11:09 AM, Alex Stapleton wrote:
> http://haacked.com/archive/2007/01/22/Identicons_as_Visual_Fingerprints.aspx
This link seems to come up often when talking about fingerprint
comparisons. I am not convinced it is a good idea from a cryptographic
standpoint.
I think identicons would succeed in providing a simple way to
automatically visually distinguish two different-yet-cooperating parties.
I have yet to see any analysis showing that an attacker couldn't coerce
the digested data to create an identicon that most normal humans would
consider to be a "match".
Good for easy visual distinction between cooperating parties is not the
same thing as a strong cryptographic assurance against a malicious
impersonator.
In particular, i'm quite dubious of any web site with claims like the
following:
>> Of course, in this situation, the security minded person would use an
>> automated MD5 checksum checker rather than manually confirming the
>> binary. But do you trust your md5 checksum checker? A quick visual
>> confirmation would be a nice additional vote of confidence in this
>> scenario.
If you don't trust your md5 checksum utility, why do you trust your png
renderer (or your display controller, or your operating system, etc)?
Identicons are a neat idea, but without a lot more defensively-oriented
analysis, they're not something to be used in a critical context like
strong establishment of identity.
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110930/9568bdc6/attachment.pgp>
More information about the Freedombox-discuss
mailing list