On 17/04/2015 18:46 pm, Daniel Kahn Gillmor wrote:
> * human-representable form of the digest: e.g. hex, base32, common
> hyphenation patterns, etc. there are legibility/usability factors
> here that i don't know enough to comment on.
Just on that, I recently went through an exercise where phones get
introduced to phones. Once introduced the phones can speak to servers
directly naming their new friends and get high quality information in
dense cryptographic form. Users need not be bothered by the arcana.
But two people meeting for the first time is a bother, especially as
there are no presentations of cryptographic information in the app at
all, and we can't rely on the various bluetooth and so forth local
interactions.
We tried some variants, and in the end, I settled on a 4-letter base26.
It is created on one phone (register on server) and typed into the
other phone (lookup on server).
The base26 alpha was chosen because many phones have tiny keyboards
which require hitting a meta key to get out to numerics. This made the
Base32, hex and other mixed alphanumerics a pain; it about doubled the
workload and more than doubled the error rate.
A count of 4 characters was settled on because it was enough to provide
some discrimination but not enough to seriously challenge the users.
Users found 6 characters to be a bit testy (I include myself in this),
whereas people felt that if they couldn't handle 4 characters they
could blame themselves for the errors, not the system.
iang
ps; The codes themselves once created are only valid for an hour,
suitable for a face to face meeting, so there is a lot more space available.
ps2; 4 uppercase letters was also used by the military back in the old
pencil & paper tactical codes days. At least my military.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
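As an added illustration of the register/lookup scheme described in the message above (example code, not from the poster or the list), this sketches a server-side registry for one-hour 4-letter base26 codes, plus the entropy and live-collision arithmetic behind the alphabet and length trade-off. The `IntroductionServer` class, its method names and the in-memory store are assumptions for the example.

```python
import math
import secrets
import string
import time

ALPHABET = string.ascii_uppercase   # base26: no digits, so no shift/meta key needed
CODE_LEN = 4                        # 26**4 = 456,976 possible codes
TTL_SECONDS = 3600                  # a code is only valid for one hour

def code_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random code with this alphabet and length."""
    return length * math.log2(alphabet_size)

def chars_for_bits(alphabet_size: int, bits: float) -> int:
    """Smallest code length over this alphabet that reaches `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))

def collision_probability(live_codes: int, space: int = len(ALPHABET) ** CODE_LEN) -> float:
    """Chance that a fresh random code equals one of `live_codes` unexpired codes."""
    return live_codes / space

class IntroductionServer:
    """Assumed in-memory registry: phone A registers a code, phone B looks it up."""
    def __init__(self, now=time.time):
        self._now = now
        self._codes = {}   # code -> (owner_record, expiry_timestamp)

    def register(self, owner_record: str) -> str:
        self._purge()      # drop expired codes so the space is reused after an hour
        while True:
            code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
            if code not in self._codes:   # retry on the rare collision with a live code
                break
        self._codes[code] = (owner_record, self._now() + TTL_SECONDS)
        return code

    def lookup(self, typed: str):
        """Return the owner's record for a live code, or None if unknown or expired."""
        self._purge()
        entry = self._codes.get(typed.strip().upper())   # tolerate lower-case typing
        return entry[0] if entry else None

    def _purge(self):
        now = self._now()
        self._codes = {c: v for c, v in self._codes.items() if v[1] > now}
```

With only the live codes in play, the short TTL is what keeps the 18.8-bit space workable; any deployment would still rate-limit lookups per client so the space cannot be swept within the hour.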