On 30 Sep 2011, at 17:17, Daniel Kahn Gillmor wrote:

> On 09/30/2011 11:09 AM, Alex Stapleton wrote:
>> http://haacked.com/archive/2007/01/22/Identicons_as_Visual_Fingerprints.aspx
>
> This link seems to come up often when talking about fingerprint
> comparisons. I am not convinced it is a good idea from a cryptographic
> standpoint.
>
> Good for easy visual distinction between cooperating parties is not the
> same thing as a strong cryptographic assurance against a malicious
> impersonator.
>
> Identicons are a neat idea, but without a lot more defensively-oriented
> analysis, they're not something to be used in a critical context like
> strong establishment of identity.

The lack of a secure, well audited visual hashing thing is a bit of a problem with this approach, I agree :)

Personally I would be comfortable with using something like that with the vast majority of my trust relationships. However, I get the need for something more secure, and I am not especially convinced reading long hex strings is especially secure :)

What about sending an HMAC with a randomly generated, or user entered key on each device?
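
One way the HMAC idea in the message above could look, as an added example that is not part of the original thread or of any FreedomBox code: both devices hold the same pairing key, the sender tags its key fingerprint with HMAC-SHA256, and the receiver recomputes the tag over the fingerprint it was actually given. The function names, the 16-byte tag length, the PBKDF2 parameters and the sample fingerprints are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

TAG_BYTES = 16  # truncated tag length; an assumption of this sketch


def new_pairing_key() -> bytes:
    """Randomly generated key, to be entered or shown on both devices."""
    return secrets.token_bytes(32)


def key_from_user_entry(phrase: str, salt: bytes) -> bytes:
    """Stretch a user-entered phrase; a short phrase stays guessable offline."""
    return hashlib.pbkdf2_hmac("sha256", phrase.encode("utf-8"), salt, 200_000)


def fingerprint_tag(pairing_key: bytes, fingerprint_hex: str) -> bytes:
    """HMAC-SHA256 over the normalised fingerprint, truncated to TAG_BYTES."""
    fp = bytes.fromhex(fingerprint_hex.replace(" ", "").replace(":", ""))
    return hmac.new(pairing_key, fp, hashlib.sha256).digest()[:TAG_BYTES]


def verify_peer(pairing_key: bytes, claimed_fingerprint_hex: str,
                received_tag: bytes) -> bool:
    """Recompute the tag over the fingerprint received and compare in constant time."""
    expected = fingerprint_tag(pairing_key, claimed_fingerprint_hex)
    return hmac.compare_digest(expected, received_tag)


# Constructed sample fingerprints (not real keys).
ALICE_FP = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
MALLORY_FP = "FEDC BA98 7654 3210 FEDC  BA98 7654 3210 FEDC BA98"

if __name__ == "__main__":
    key = new_pairing_key()
    tag = fingerprint_tag(key, ALICE_FP)
    print("genuine fingerprint accepted:", verify_peer(key, ALICE_FP, tag))
    print("substituted fingerprint accepted:", verify_peer(key, MALLORY_FP, tag))
    print("wrong key accepted:", verify_peer(new_pairing_key(), ALICE_FP, tag))
```

The check is only as strong as the secrecy and entropy of the pairing key: anyone who observes a tag made with a short user-entered key can test guesses against it offline.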
