
A Study of Key-Fingerprints: Hex vs. Base32 vs. Wordlists Vs - sufficient
https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/dechand
======
ketralnis
The paper recommends sentence based fingerprints.

I've used rfc1751[0] which is word-based rather than sentence-based, but it's
pretty convenient. I use it for my password sharing tool[1] which creates
prompts that look like

    
    
        === secrets.vm ===
        common name: secrets.vm
        fingerprint: b957e10c998faa9909cff3ba4ec35485d04708c3ecc7481fe14d7f07bc0229cd
        public key:  c15e697e4807793ef8a9461a7b2c6cf2266d1ec1480a594e83b54e7b75e07702
        public sign: f1db594eb55fe97657c57f2aa01afd1210a46d42d80d5552ac4d548162d4968e
        mnemonic:    AM ROBE KIT OMEN BATE ICY TROY RON WHAT HIP OMIT SUP LID CLAY AVER LEAR CAVE REEL CAN PAM FAN LUND RIFT ACME
        does that look right? [y/n]
    

where "mnemonic" is the rfc1751 mnemonic of the sha256 of the other fields and
is designed to be shouted across a room.

I'd definitely be interested in a standardised sentence-based fingerprinting
system akin to rfc1751

[0]:
[https://tools.ietf.org/html/rfc1751](https://tools.ietf.org/html/rfc1751)

[1]:
[https://github.com/ketralnis/secrets](https://github.com/ketralnis/secrets)

------
nullc
My WAG at this problem a few years ago:
[https://en.bitcoin.it/wiki/User:Gmaxwell/visual_fingerprint_...](https://en.bitcoin.it/wiki/User:Gmaxwell/visual_fingerprint_comparison)

~~~
ketralnis
I'd really want to see that technique studied on actual users before trusting
it. I'm not convinced that users do anything more than glance at one or two
characters in hex passwords and even SSH's visual fingerprints are probably
insufficiently studied (but not totally unstudied[0]) to allow telling users
that glancing is enough. And if glancing isn't enough, using visual indicators
at all is probably actively harmful.

[0]: [http://dirk-loss.de/sshvis/drunken_bishop.pdf](http://dirk-
loss.de/sshvis/drunken_bishop.pdf)

~~~
nullc
In fact, I declined to post the implementation for that reason.

I'm not sure if you read my writeup but I attempted to address that "users
only glance at one or two characters" by suggesting the client show the users
which characters to compare. It's a little kludgy with a text UI, however.

The idea is that the field of characters is large enough that comparing only a
few is fine-- so long as they're selected in a way which isn't predictable to
the attacker.

