
Re: [openpgp] Fingerprint, Base32 or Base32C?

At Tue, 28 Apr 2015 16:13:33 +0000,
Alessandro Barenghi wrote:
> On 04/28/2015 03:58 PM, Phillip Hallam-Baker wrote:
> > The equivalent Base2-20 fingerprint would be a sequence of images and
> > have a work factor of (2^112)
> > 
> > [z]-[z]-[z]-[z]-[z]-[z]
> > 
> > 
> > Anyone know where we might scrounge a million images? WikiSource perhaps?
> > 
> > It would probably behoove us to check them in some fashion but this
> > could be crowdsourced.
> > 
> > The idea of using images as an alphabet has ample prior art going back
> > to ancient Egypt.
> In this case, wouldn't it be viable, while keeping a text representation
> of the fingerprint, to employ a diceware-password-like approach to
> represent the fingerprint?
> With a reasonable English dictionary you get ~15 bits per word, which
> gets you up to a reasonable margin rather fast (~8 words) and is easier
> to inspect and compare visually.

I wonder if less is not more.

If you look at the diceware list, it has "easy to remember words" like
"aaaa", "abner" and "adair".  And, this list is just 7776 words long.
These are not only hard for a native speaker to memorize, but also for
those who speak English as a second language.

If we are going to make a new word list, I would recommend using
something based on the Voice of America simple word list.  This
includes 1500 simple words, which all English speakers with basic
proficiency are familiar with.

Alternatively, there is the PGP Biometric word list [1], which aren't
as simple, but are phonetically distinct.

[1] https://en.wikipedia.org/wiki/Biometric_word_list
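
Added example, not part of the original message or of any OpenPGP draft: it computes how many words a 2^112 work-factor fingerprint needs for each word-list size mentioned in the thread, and round-trips one value through a fixed-length base-N word encoding. The word list and fingerprint value are constructed placeholders, and the function names are hypothetical.

```python
# Added example: fingerprint length in words for different word-list sizes.
LIST_SIZES = {                      # sizes taken from the thread
    "15-bit dictionary": 2 ** 15,   # "~15 bits per word"
    "diceware": 7776,
    "1500 simple words": 1500,
    "PGP word list (one word per byte)": 256,
}

def words_needed(bits, list_size):
    """Smallest k with list_size**k >= 2**bits, using exact integers."""
    k, space = 0, 1
    while space < (1 << bits):
        space *= list_size
        k += 1
    return k

def encode(value, bits, wordlist):
    """Fixed-length base-len(wordlist) encoding, most significant word first."""
    if not 0 <= value < (1 << bits):
        raise ValueError("value does not fit in the stated bit length")
    words = []
    for _ in range(words_needed(bits, len(wordlist))):
        value, digit = divmod(value, len(wordlist))
        words.append(wordlist[digit])
    return words[::-1]

def decode(words, wordlist):
    """Inverse of encode(); raises KeyError on a word not in the list."""
    index = {w: i for i, w in enumerate(wordlist)}
    if len(index) != len(wordlist):
        raise ValueError("word list contains duplicates")
    value = 0
    for w in words:
        value = value * len(wordlist) + index[w]
    return value

# Constructed placeholders: not a real word list, not a real fingerprint.
PLACEHOLDER_LIST = ["w%04d" % i for i in range(1500)]
SAMPLE_FP_112 = int("0123456789abcdef0123456789ab", 16)  # 28 hex digits

if __name__ == "__main__":
    for name, size in LIST_SIZES.items():
        print(f"{name:36s} {words_needed(112, size):2d} words")
    words = encode(SAMPLE_FP_112, 112, PLACEHOLDER_LIST)
    assert decode(words, PLACEHOLDER_LIST) == SAMPLE_FP_112
    print("-".join(words))
```

A smaller list of simpler words lengthens the string a person has to compare, so the two properties have to be weighed together.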

