[Freedombox-discuss] identicons are not strong crypto [was: Re: Tap-to-share PGP key exchange]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Sep 30 17:36:49 UTC 2011


On 09/30/2011 01:01 PM, Alex Stapleton wrote:
> The lack of a secure, well audited visual hashing thing is a bit of a problem with this approach I agree :)
 [...]
> I am not especially convinced reading long hex strings is especially secure :)

indeed :)  the WoT approach is better than nothing because you only need to
compare fingerprints of the people you've met; then reasonable tools can
help you infer other people's identities without having to visually scan
fingerprints.

> What about sending an HMAC with a randomly generated, or user entered key on each device? 

Without any more details, it sounds to me like you still have the same
bootstrapping problem.  Robust, integrity-checked key exchange is a core
problem for any crypto protocol.  forcing the user to enter a weak key
by hand isn't much defense against a networked attacker.  forcing the
user to enter a strong key by hand is tedious and inhumane.  and if
you're going to force the user to enter or verify a strong key, you
might as well have them verify the fingerprint directly.

Moving the verification process to something that most (sighted) humans
do naturally is the big win of the QRcode approach, i think.

I quite like Ted Smith's idea of combining the RF/bluetooth/NFC full key
transmission with the QR-code optical verification step.

	--dkg
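
The flow endorsed at the end of the message (full key sent over RF/bluetooth/NFC, then checked optically against a QR code), as an added example that is not part of the original post: the receiver recomputes the OpenPGP v4 fingerprint from the bytes that arrived over the radio and accepts the key only if it matches the scanned value. The QR payload format (a bare hex fingerprint), the function names and the sample key bytes are assumptions of this example.

```python
import hashlib
import struct


def v4_fingerprint(pubkey_packet_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-octet length, packet body."""
    if not pubkey_packet_body or pubkey_packet_body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(pubkey_packet_body) > 0xFFFF:
        raise ValueError("packet body too long for a two-octet length")
    prefix = b"\x99" + struct.pack(">H", len(pubkey_packet_body))
    return hashlib.sha1(prefix + pubkey_packet_body).hexdigest().upper()


def normalise_fingerprint(text: str) -> str:
    """Strip spaces/colons from a scanned fingerprint and validate its shape."""
    fpr = "".join(ch for ch in text if ch not in " :\n\t").upper()
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("QR payload is not a 160-bit hex fingerprint")
    return fpr


def accept_key(radio_packet_body: bytes, qr_payload: str) -> bool:
    """Accept the radio-delivered key only if it hashes to the scanned value."""
    # The radio channel is untrusted: nothing it delivered is used to decide
    # what the fingerprint *should* be; that comes from the optical channel.
    expected = normalise_fingerprint(qr_payload)
    return v4_fingerprint(radio_packet_body) == expected


# Constructed sample: not a real key, just bytes shaped like a v4 packet body
# (version 4, 4-byte creation time, algorithm 1, then filler key material).
SAMPLE_KEY = bytes([4]) + struct.pack(">I", 1317403009) + bytes([1]) + b"\x5a" * 64
# What the key owner's screen would show as a QR code (spaced for readability).
_fpr = v4_fingerprint(SAMPLE_KEY)
SAMPLE_QR = " ".join(_fpr[i:i + 4] for i in range(0, 40, 4))
# A key substituted in transit differs by one byte and must be rejected.
TAMPERED_KEY = SAMPLE_KEY[:-1] + b"\x5b"

if __name__ == "__main__":
    print("genuine key accepted:", accept_key(SAMPLE_KEY, SAMPLE_QR))
    print("substituted key accepted:", accept_key(TAMPERED_KEY, SAMPLE_QR))
```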
