ietf-openpgp

Re: [openpgp] Fingerprint, Base32 or Base32C?

2015-04-28 10:58:56
On Tue, Apr 28, 2015 at 11:31 AM, Derek Atkins <derek(_at_)ihtfp(_dot_)com> wrote:
Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> writes:

That said, I am really on the fence on Base32C. Another way to skin
the same cat would be to have an interactive protocol with whatever
service uses fingerprints as index terms. With a population of a
million keys (2^20) a fingerprint should start to become unique after
the fourth letter is typed. So the service could easily construct a
'did you mean' concordance.

Interesting concept... But again, why would you be typing it in?  What's
the use case here?  The only use-cases I've seen are where the user
visually verifies that the printed fingerprint == the computed
fingerprint.

Look, my concern here is purely that I don't want to have to redo the
code I write this week because someone proposes this as an addition
later on.

I think we have established that it is not worth doing.

If people are reading in a business card why not do OCR on their phone?


So we are looking at 95% of the uses of fingerprints being to provide
a visual verification of a fingerprint being displayed to them. That
looks good to me.

We can even (modulo the possibility of ridiculous patent claims)
consider a step further and have an image based Base2^20 display of
the same data.

Let's say we get an open source image library with 2^20 visibly
distinct entries. We number the entries and form a Merkle tree over
them. This gives us an alphabet where we can check every character
against the root hash of the Merkle tree. We then prepend the Merkle
tree chain to each glyph making it verifiable against the root
fingerprint.

We can now have a collection of untrusted servers that serve up this
set of glyphs. At 4KB on disk per 120x120 pixel glyph, that is only
4GB.


So if Alice is using a 125 bit fingerprint (Work factor 2^117), her
Base64 fingerprint is:

aaaaa-bbbbb-ccccc-ddddd-eeeee


The equivalent Base2-20 fingerprint would be a sequence of images and
have a work factor of (2^112)

[z]-[z]-[z]-[z]-[z]-[z]


Anyone know where we might scrounge a million images? WikiSource perhaps?

It would probably behoove us to check them in some fashion but this
could be crowdsourced.

The idea of using images as an alphabet has ample prior art going back
to ancient Egypt.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
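
The Merkle-verified glyph alphabet described in the message above, as an added sketch that is not code from the thread. SHA-256, the 0x00/0x01 leaf and node prefixes, all function names and the 16-entry stand-in library are assumptions for illustration; the message itself fixes only the numbered 2^20-entry alphabet and the chain shipped with each glyph.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # hash choice is an assumption

def leaf_hash(index: int, glyph: bytes) -> bytes:
    # Bind the glyph number into the leaf so a server cannot swap entries.
    return _h(b"\x00" + index.to_bytes(4, "big") + glyph)

def build_levels(glyphs):
    """Return every tree level, leaves first; size must be a power of two."""
    assert glyphs and len(glyphs) & (len(glyphs) - 1) == 0
    levels = [[leaf_hash(i, g) for i, g in enumerate(glyphs)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([_h(b"\x01" + prev[i] + prev[i + 1])
                       for i in range(0, len(prev), 2)])
    return levels

def chain_for(levels, index):
    """Sibling hashes from leaf up to the root: the chain sent with a glyph."""
    chain = []
    for level in levels[:-1]:
        chain.append(level[index ^ 1])
        index >>= 1
    return chain

def verify_glyph(root, depth, index, glyph, chain):
    """Client-side check of a glyph fetched from an untrusted server."""
    if len(chain) != depth or not 0 <= index < (1 << depth):
        return False
    node = leaf_hash(index, glyph)
    for sibling in chain:
        pair = sibling + node if index & 1 else node + sibling
        node = _h(b"\x01" + pair)
        index >>= 1
    return node == root

def glyph_indices(fingerprint: bytes, count: int, bits: int = 20):
    """Split the leading count*bits bits of a fingerprint into glyph numbers."""
    total = len(fingerprint) * 8
    assert total >= count * bits
    value = int.from_bytes(fingerprint, "big") >> (total - count * bits)
    mask = (1 << bits) - 1
    return [(value >> (bits * (count - 1 - i))) & mask for i in range(count)]

# Constructed stand-in library: 16 fake "images" instead of 2^20 real ones.
LIBRARY = [b"glyph-image-%d" % i for i in range(16)]
LEVELS = build_levels(LIBRARY)
ROOT, DEPTH = LEVELS[-1][0], len(LEVELS) - 1
```

With the full 2^20-entry library the chain is 20 hashes, so each glyph carries 640 bytes of proof at SHA-256 size, and the client needs only the root hash to reject a substituted or renumbered image.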