[Freedombox-discuss] identicons are not strong crypto [was: Re: Tap-to-share PGP key exchange]

Alex Stapleton alexs at prol.etari.at
Mon Oct 3 09:36:59 UTC 2011


On 30 Sep 2011, at 23:02, Timur Mehrvarz wrote:

> On 30.09.2011 22:09, Daniel Kahn Gillmor wrote:
>> Assuming Alice and Bob are sighted humans, they can observe their 
>> surroundings, and ensure that their cameras are taking photos of
>> the expected data (just the screen of the other phone), and aren't 
>> compromised by fancy antennas hiding in the bushes or whatever.
>> Then they rely on the cryptographic digest in the fingerprint to
>> bootstrap their way into confidence that the larger file
>> (transferred wirelessly) does indeed have the key the peer meant to
>> send them.
>> 
>> does this make sense?
>> 
>> --dg
> 
> Yes it does.
> 
> I want the implementation with the lowest number of required menu
> operations (clicks). I like to suggest to combine the two
> functionalities (show QR code / snap QR code) into one activity, and
> to auto-serialize them. This can be done, for instance, based on the
> Bluetooth nic addresses. So per convention we could automatically
> start the camera on the device with the smaller nic address and start
> showing the QR code on the device with the bigger nic address. If
> everything goes well (the user with the camera gets a "Received key
> verified!" message), we switch the process around. The complete 2-way
> process could be done with a total number of four clicks per user.
> 
> 1. click on the received .asc file
> 2. click on "QR verification" in the "Apply action..." menu
> 3. click to snap / click to continue to switch around
> 4. click to continue to switch around / click to snap
> 
> Or can we do "less"?


On phones with front-facing cameras you can do the "display QR code" and "take photo of a QR code" steps at the same time, I expect. Working out which camera is pointed at the intended QR code might be interesting though? Might not be too much of a pain for users to manage that issue themselves with a well-placed finger though.

Also, instead of making the user click "continue" you could do something totally automatic, e.g. when a valid verification scan is done, the phone can immediately switch to display its verification code and use its wireless connection to request that the other phone displays the verification code. Then the human just needs to point cameras in the right direction.
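
The flow discussed in this thread (order the two devices by Bluetooth address, have the scanner check the digest of the wirelessly received key file against the QR code, then switch around automatically) can be sketched as below. This is an added example, not code from the thread or from FreedomBox. All function names and the sample data are hypothetical, and SHA-256 over the file bytes stands in for the OpenPGP fingerprint.

```python
import hashlib
import hmac

def parse_bt_addr(addr: str) -> int:
    """Parse 'AA:BB:CC:DD:EE:FF' into an integer so two addresses can be ordered."""
    parts = addr.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad Bluetooth address: {addr!r}")
    return int("".join(parts), 16)

def first_role(local_addr: str, peer_addr: str) -> str:
    """Convention from the thread: smaller address scans first, bigger one displays."""
    local, peer = parse_bt_addr(local_addr), parse_bt_addr(peer_addr)
    if local == peer:
        raise ValueError("identical addresses, cannot order the devices")
    return "scan" if local < peer else "display"

def qr_payload(own_key_file: bytes) -> str:
    """What a device shows on screen: the digest of the key file it sent.
    Assumption: SHA-256 of the file bytes, not a real OpenPGP fingerprint."""
    return hashlib.sha256(own_key_file).hexdigest()

def verify_received(received_key_file: bytes, scanned: str) -> bool:
    """Check the wirelessly received file against the digest read by the camera."""
    expected = hashlib.sha256(received_key_file).hexdigest().encode()
    return hmac.compare_digest(expected, scanned.strip().lower().encode())

def two_way_exchange(dev_a: dict, dev_b: dict) -> dict:
    """Each device is {'addr', 'own_key', 'received_key'}; returns a verdict per address.
    The roles switch around only if the first scan verified."""
    a_scans = first_role(dev_a["addr"], dev_b["addr"]) == "scan"
    scanner, shower = (dev_a, dev_b) if a_scans else (dev_b, dev_a)
    result = {scanner["addr"]: False, shower["addr"]: False}
    result[scanner["addr"]] = verify_received(
        scanner["received_key"], qr_payload(shower["own_key"]))
    if result[scanner["addr"]]:
        result[shower["addr"]] = verify_received(
            shower["received_key"], qr_payload(scanner["own_key"]))
    return result

# Constructed sample data (not real keys or real device addresses).
ALICE_KEY = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\nconstructed-alice\n"
BOB_KEY = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\nconstructed-bob\n"
ALICE = {"addr": "00:11:22:33:44:55", "own_key": ALICE_KEY, "received_key": BOB_KEY}
BOB = {"addr": "00:11:22:33:44:AA", "own_key": BOB_KEY, "received_key": ALICE_KEY}

if __name__ == "__main__":
    print(two_way_exchange(ALICE, BOB))
```
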

