
Visualizing hex bytes with Unicode emoji - mmastrac
http://www.windytan.com/2014/10/visualizing-hex-bytes-with-unicode-emoji.html
======
acqq
The mapping of only one byte to one symbol results in too many symbols in one
fingerprint. Using more than 8 bits per symbol would result in something much
easier to recognize. The goal should be "staple battery horse" and not "p k b
t v r m n z x t c." Was my key "p k t b t v r m n z x t c" or was it "p t k b
t v r n m z x t c," who can see the difference?

However another danger is all the emoji that look too similar. It can be too
easy to forge one emoji wink instead of another. So it can be not so good an
idea in general. But maybe somebody demonstrates the easyness of
differentiation or manages to select only the symbols that are visually and
cognitively different enough for the "alphabet." Still I suggest significantly
more than 256 elements, and significantly different one from another. That's
the hardest part.

~~~
michaelmior
Knowing minor differences is likely to be unimportant. This really only
matters if an attacker is able to generate a key with _almost_ the same
fingerprint. AFAIK, there is no way to do this. I do agree though that the
string of emoji is still hard to memorize.

~~~
acqq
Almostness reduces the brute-forcing effort. It's not something to be hand-
waved, programming to bruteforce just until it's "good enough" is easy. Once
somebody learns that he doesn't have to carefully check the signature he won't
check at all. The goal is to have as little to check as reasonable, but to
check thoroughly.

~~~
michaelmior
Agreed that this reduces the effort, but I'll believe it's easy when I see it
:) In any case, I think OpenSSH randomart is likely to be more effective than
the emoji approach.

------
peteretep
I did something similar with colours in the console, but this is much cooler!

------
s_tec
My system didn't have the right fonts for this to work, but installing
"symbola" seems to have fixed that. The package is called "ttf-symbola" on
Arch.

------
jarcane
Unicode is fun to play with. I found a trick the other day in Racket to
squeeze text using ligature codes into fewer visible characters; really handy
for tweet-sized code golfing.

------
est
need some variant of robohash for SSH fingerprints.

------
unwind
Neat! Melons and spruces!

This almost triggers my Stack Overflow-honed reflexes to go on a huge rant
about the fact that there _are_ no "hex bytes" anywhere in your computer. But
I guess the OP's author really does know that, and is just being colloqial.

Still, it seems to create a lot of confusion among beginning programmers, so
it's a somewhat unfortunate way of expressing things, in my opinion.

~~~
JonnieCache
I'm confused. What you mean is that _all_ bytes are hex bytes if you choose to
look at them in hex, right?

~~~
acqq
No bytes are hex bytes. Bytes are bytes. You can display them however you
like, even one byte as one emoji (what I argue to be too inconvenient
representation in another message). But they are also not "emoji bytes." They
are just bytes. As in "octets of bits," bit being a unit of information. And
hystorically, the bytes weren't even necessarily octets, but some other group
of bits.

~~~
JonnieCache
This is semantics. For the record: I know what a byte is, and I am fully aware
that numbers exist independently of any representation.

