On Thu, Jan 30, 2014 at 12:21 PM, Watson Ladd <[email protected]> wrote:
> Take your social security card: notice that the number is broken up
> into unequal blocks.
> The same is true for telephone numbers.
> I don't think this is coincidence: has human interaction research been
> conducted on
> making strings easily identifiable?

There's research on character legibility and word recognition that's not hard to find (e.g. Miles Tinker, Kevin Larson). But for alphanumeric strings of crypto length I couldn't find much.

> The second point concerns the need for fingerprints in the first
> place. We're looking at a future that is increasingly multi-device.
> Transparently managing shared contacts including cryptographic
> identities from prior encounters obviates the need for fingerprints.

Certainly Trust-On-First-Use (TOFU) or a trusted infrastructure could provide a nicer UX than fingerprint verification.

But I suspect there will always be use cases where manual verification matters (e.g. first-time contact, or users with high-security requirements). So I don't think the need for fingerprints is completely "obviated", though I agree we shouldn't force all users to deal with them.

> However, it does raise all sorts of tracking questions/how to access
> this shared contact file from a new device?

Yes, syncing devices is also a hard problem, particularly in the context of "ratcheting" algorithms which update keys for forward secrecy. Perhaps another thread sometime...

> Thirdly, UX remains a huge issue. Cryptocat got this right, and a
> desktop Java application is probably the best current solution
> (although Java is no longer as ubiquitous as it once was). Pond is
> having issues making a cross-system GUI. Unless we can get people to
> use our solutions, they don't matter.

Yes, good UIs are difficult.

Trevor
