Hacker News new | past | comments | ask | show | jobs | submit login
Representing SHA-256 Hashes as Avatars (francoisbest.com)
143 points by flurly on June 16, 2021 | hide | past | favorite | 47 comments



Neat! This reminds me of urbit sigils[1]. The problem with urbit sigils is that they only support 32 bits of entropy because that's the size of urbit's owned real estate space. These hash avatars support 8 times the entropy and also directly map to a 256 bit public key although one may want to be slightly careful mixing the use cases without some other visual queue (this is a sha256 vs this is a pubkey).

[1]: https://urbit.org/blog/creating-sigils/


definitely. I far prefer urbit Sigils because they are visually more interesting, diverse, and memorable.


Additionally, aside from aesthetically pleasing, Urbit sigils are very straightforward to implement:

# sha3sum <<< 'textprotocol@github' | urbit | sigil | convert svg:- jpg:- | jp2a -

[1] https://github.com/textprotocol/sigil


This one is new to me. Pretty cool.


urbit sigils with 8 colour options seems like a no-brainer then.


Isn't that just 35 bits?


Things like this are less useful for creating an avatar than for creating a fingerprint - if your web browser displayed something akin to this instead of a padlock for SSL sites you’d easily notice when it changed color (indicating the SSL cert changed).

It’s less useful once you realize that if you can attack the SHA you don’t need to get one exactly matching, just something that causes a “similar” color scheme.


Similarity attacks can be mitigated in the following ways:

[1] Create as much perceptible variation as possible - TV static and minor color changes are not. [2] Make representations humans can remember - faces or images over abstract objects/shape color combinations [3] Make generating each representation expensive, so that searching for a visually similar fingerprint is expensive.

IMO most hash visualizers fail at all 3.

[3] is similar to hashing itself, except "visually similar" is substituted for "exactly equal". This is already taken care of by the hashing algorithm if it is slow, e.g. password hashing algorithms.

[1,2,3] could be solved with a GAN. Note that the GAN does not have to worry about making similar hashes produce dissimilar outputs, because finding a similar hash is already hard.


I like the idea, but isn’t it best practice to rotate TLS certificates every year? Even one rotation would destroy the usefulness


Sure - I’m not sure the usability is tremendous - as lets encrypt does 90 days - but it’s something that could be useful in some situations - similar to the SSH key “fingerprint”.


eh, this version just looks like circles.

in the end, onces ubiquity sets in, the novelty wears off and every website blurrs into a single undifferentiable mess.

theres no escape from educating users


I've had a lot of fun generating art from sha-256 hashes recently too! https://hash.jordanscales.com/ It's not materially different from just seeding a RNG with the hash, but actually reading bytes from the hash is just so... charming.


I really love the candlestick and chess ones! Very cool.


Dunno, I suspect that most folks wouldn't after a weekend remember more than "It was mostly purple".

Seems like you need something like a small cartoon with variables like: 1-8 characters, 16 skies (moon, sun, storm, windy, snowing, hail, etc), 32 scenes (playground, beach, office, home, yard, forest, ski slope ...), species of each character, emotional state, etc.

Then people would remember things like 4 characters, it was snowing, and a mad cat was talking to a sad dog and 2 kids dancing on a mountain top.


Will people really tell the difference between on a snowing beach with a sad princess and a neutral expression genie, versus on a snowing beach with a sad princess and a happy expression genie?

Because: (EDIT: Unfortunately, HN seems to strip emojis).

1..n..8 characters, assuming 1000 emojis, is somewhere ~along 1000^9 bits of emoji.

16 skies is 16 bits of entropy.

32 scenes is 32 bits of entropy.

You multiply those together, and you get 5.12e29, or 2^98. That is considerably smaller than 2^256.

-----

To get to 2^256 bits of entropy with an emoji set, you need 25 emojis. That's very long. That's like (HN stripped emojis).

Can you tell a difference between that and ? At a glance?


Indeed, trick is normal humans are not going to remember, let along recognize 256 bits of state from a picture.

Seems like the best you can hope for is enough bits in a fingerprint that users can tell when it changes and make it harder to find a fingerprint that fools the user.


Kind of similar idea to emojisum

https://github.com/emojisum/emojisum


Blockies (sha-256 avatars) worked for me as a quick sanity check to make sure I'm sending to/from the correct wallet. You're dead on, I would remember them as "mostly purple." Never had an issue. I usually check the last few digits as well just to make sure.


I build something similar recently inspired by Francois original post. Some studies here:

https://code.sgo.to/2021/06/14/sha256.html https://code.sgo.to/2021/06/14/avatars.html


That's a very interesting idea. Faces have the major advantage that our brains have special circuitry to distinguish and remember faces, making this more tamper proof in practice. The disadvantage is that using faces is likely to lead to confusion. I guess that's what the triangulation is supposed to counter.

You could also easily switch the GAN for different types of hash-like sequences, e.g. people for public keys, cats for bitcoin addresses, etc


Wow that's way better than the article and any other link posted in the comments!

Amazing work.


Some discussion from a few months ago: https://news.ycombinator.com/item?id=26861728


This is kind of obvious (yeah I know how hashing functions work) but I have to say I loved how modifying from my name "ARTHUR MAROUFI COLLE" to "ARTHUR MAROUFI COLLÉ" completely changed the palette from a nice summery set of green/yellow hues to a dark purple Miami Vice/synthwave vibe


It’s really remarkable how a few primes and successive add, rotate, and xor operations can give (seemingly) completely random bit patterns, consistently for different inputs. It’s almost unreasonably effective (referring to sha255 algorithm here although hash algorithms also like Blake and salsa etc).


Vaguely related, SSH VisualHostKey / randomart

https://medium.com/@elg0nz/what-are-ssh-fingerprint-randomar...


Sure. But equally attackable I fear. If the attacker knows that you are just veryfing the visual appearance it should be much easier to brute force it and present something different that somehow looks similar enough that the difference is unlikey to be spotted.

Well, admittedly just a feeling. I have neither done the math nor any testing how big differences are likely to go undetected.

The best verification in openssh is to copy-paste the correct fingerprint as an answer instead of replying yes/no.


The "blend between equal radii and equal areas" interactive is lovely. I prefer 0.37


I’ve been wanting to do something similar to this, but using locality sensitive hashing. The use case is an artificial life simulator I’m working on, where organisms with similar genomes (by some definition of similar) look visually similar so it’s easy to watch the proliferation of different cell lines around a medium. I’ve tried searching for prior art along the lines of visual indexing optimized for human brains, but haven’t really been able to turn anything up. Is there a term that I could search for?


I wonder if you could create a hashing algorithm that made outputs more like this https://towardsdatascience.com/avatargan-generate-cartoon-im... So instead of representing a hash the image is the hash and an actual avatar at the same time.


We seem pretty bad at remembering color. It would be much more impactful to deal with shape and motion.


Motion doesn't work for screenshots or printed paper.


Are we certain those are both actual use-cases though? When would we need this information in those formats?

Not trying to be difficult. Just looking for technical possibilities.


Let's say you're printing out a paper backup of your seed words?

Or sharing a screenshot of the avatar on signal to confirm its authencity?


I don't think either of those are appropriate use cases for hash avatars. Print as a QR code maybe. In the latter case you can capture a video to share.


This is cool. I can imagine art pieces (think NFTs) being created in a manner similar to this. Imagine that to create a new piece in a collection (a new crypto punk for example), all you had to do was to create a new hash. Is anyone familiar with any products similar to ops?


Have a look at opensea, it's been done a million times.


I dont understand the draw of this over QR codes -- doesnt involving color make reading more difficult and more error-prone? Wouldnt scanning color be error prone given shadows, ambient light, etc? Also, wouldnt one need an outer ring or some calibration strip?


> I dont understand the draw of this over QR codes

QR codes are for computers to read. These are for humans to read.



Looks like Blue Monday from New Order: https://www.youtube.com/watch?v=c1GxjzHm5us



Author here: I love this song, and I had never seen the music video before. Thanks for pointing out a happy coincidence!



I don't remember when I've seen it, but an IPV6 address representation used english words, instead of the 16-bit octets...


Now use this to show the public key of a user in their avatar. :)


These aren’t avatars


Very cool idea! Love it!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: