On 1/30/14, Trevor Perrin <[email protected]> wrote: > On Thu, Jan 30, 2014 at 5:06 AM, Ximin Luo <[email protected]> wrote: >> >> However, I don't think we'll ever get rid of *all* fps. So we should try >> to improve these as well. These are two distinct topics, there is no >> conflict.
> People brought up formats designed for visual or spoken presentation: > - SSH randomart > - PGPfone, S/Key, or Koremutake wordlists > > I share Daniel's skepticism about randomart and Robert's skepticism > about wordlists [2,3]. > > These schemes don't seem like much of an improvement over alphanumeric > text, even in their chosen domain. And they're much more awkward > outside it (speaking a randomart, or fitting, say, 20 words into a > text field). Actually, I don't believe that the S/Key encoding or Koremutake were designed for voice transmission. (Sorry -- I should have corrected this much sooner.) * S/Key was designed to make a 48-bit password easy for a user to copy from a piece of paper to a terminal. (The documentation for a competing system, OTPW, points out that this encoding is in fact a security flaw in S/Key, particularly when combined with S/Key's cryptographic design. See the fourth and first paragraphs of the ‘Design rationale’ section of <https://www.cl.cam.ac.uk/~mgk25/otpw.html>.) * Koremutake's stated goal is to invertibly map a (potentially large) integer to a string which is ‘memorable’ to a user who can see it. (They appear to mean “memorable” in the sense of “easy to recall”, rather than “easy to recognize”.) Neither of those two encoding systems claims to have been designed to support voice transmission, so I was not surprised to find that they were not suitable for the application that I had in mind. These encodings, and others like them, may still be useful, but I would not design a system to use one of them as the primary representation of keys or fingerprints. Robert Ransom _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
