Re: [cryptography] PGP word list
* Werner Koch: On Sun, 22 Feb 2015 13:19, f...@deneb.enyo.de said: An option to spell out the digits and letters in a hex fingerprint would be a good start, so that you end up with some sort of Something like this? $ gpg -k --with-icao-fingerprint 1e42b367 pub dsa2048/F2AD85AC1E42B367 2007-12-31 [expires: 2018-12-31] Key fingerprint = 8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367 Eight Zero Six One Five Eight Seven Zero Foxtrott Five Bravo Alfa Delta Six Nine Zero Three Three Three Six Eight Six Delta Zero Foxtrott Two Alfa Delta Eight Five Alfa Charlie One Echo Four Two Bravo Three Six Seven uid [ unknown] Werner Koch w...@gnupg.org Yes, this is what I had in mind. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] PGP word list
On Sun, 22 Feb 2015 13:19, f...@deneb.enyo.de said: An option to spell out the digits and letters in a hex fingerprint would be a good start, so that you end up with some sort of Something like this? $ gpg -k --with-icao-fingerprint 1e42b367 pub dsa2048/F2AD85AC1E42B367 2007-12-31 [expires: 2018-12-31] Key fingerprint = 8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367 Eight Zero Six One Five Eight Seven Zero Foxtrott Five Bravo Alfa Delta Six Nine Zero Three Three Three Six Eight Six Delta Zero Foxtrott Two Alfa Delta Eight Five Alfa Charlie One Echo Four Two Bravo Three Six Seven uid [ unknown] Werner Koch w...@gnupg.org Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] PGP word list
On a minor note, technically the PGP word list is a nine-bit communications codebook, with one bit dedicated as an error detecting bit. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] PGP word list
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I just realised one barrier -- language. It uses the English language, and PGP might be stronger in Europe than in the anglo world. So perhaps the wordset should be retuned to being some form of internationalised english, words that are recognisable by a wide set of cultures? Things like: weekend, manyana, angst, perestroika, bollywood, ... just a thought. We're using the PGP world list for verifying short authentication strings. You're bringing up a great point, and it's one we're dealing with. Ultimately, the problem is that any given word is going to be unpronounceable gibberish to *someone* and you want that set of words and someones to be small enough. The alternative is to use something like base32 and the ICAO/NATO word list (alpha, bravo, charlie, delta, echo, etc.) or even bare letters and numbers to get base32. The PGP word list is a set of two-syllable and three-syllable words that are eight bits long, each. You can either alternate two-syllable and three-syllable words for error correction, or combine them. That gives you either eight or nine bits per word, versus five bits for ICAO. At the end of the day, you're either taking a hit on intelligibility with bare letters and numbers, or using English words. You have to pick the way in which you want to have suck. The advantage of the PGP word list is that you get a large number of bits per word, but the cost is a high chance of a word that's baffling to someone. ICAO words have fewer words, but at least there's only 32 of them. Bare letters have some of the worst of all of these -- they're easily misunderstood (which is why the ICAO list exists), and even more cross-language. So pick your poison. Jon -BEGIN PGP SIGNATURE- Version: PGP Universal 3.3.0 (Build 9060) Charset: us-ascii wsBVAwUBVOYF9PD9H+HfsTZWAQhIRwf8CHlbpHidIYNLE8MpXBRAPq9w1QMbC5ZF m37Zcei8Cyg9+UbAxZGdn1yWPQ8uRprAbQ60LCP8LVo6KY5e+q8KrmOsFkl/eaQN 9DUgFNaigjQJojMgaB/92DvXZG5FGN6z7Fs1pBPpMmvlEtVWaD9mN2Ny06jzdmai 8JTdJuQv8UD37daB/5Uxeg0AL5ap5WIEzl/MQnzSNHIlQyFvELbfSh/R/sD8yqKB dA1l2g/54kwPtuVld+RkGQ4NWqha/hi2uJc14v3LO2J+Ubocbcalb1BNkY4de0X9 MTd525ZQi5hTmOynlBNvWDfPGkf985Ubfcei4bEuTOlncdXVNLfQ1Q== =ptz5 -END PGP SIGNATURE- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] PGP word list
On Thu, 19 Feb 2015 11:04, i...@iang.org said: I just realised one barrier -- language. It uses the English language, and PGP might be stronger in Europe than in the anglo world. Right. I recall that this has been discussed in the OpenPGP WG years ago. IIRC, the conclusion was that the international spelling alphabet has been developed just for this purpose and that all kind of shortcut word lists would lead to more confusion than plain spelling of hex digits. Recall that the spelling alphabet works well under a bad S/N-ratio and thus also between speakers of different mother tongue. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography