IETF-SSH archive


Re: Key fingerprints?



>> - I'd like to collect specifications for the various fingerprint
>>    formats in use, [...]
> GNU lsh displays openssh-style md5 fingerprints, and ssh.com-style
> "bubble babble".

This is just the sort of thing I was looking for; I'll have to see if I
can dig up a spec for bubble babble fingerprints.  At worst I suppose I
can try to work it out from the code; if it's a GNU program I'd be
shocked if source weren't available.

>> - I'd like to come to some kind of agreement for how to compute and
>>    represent fingerprints in a way that's a bit more future-friendly
>>    with respect to hash algorithms than just printing hashes in hex.
> I'm kind of skeptical about displaying the fingerprint in some form
> intuitively recognizable and rememberable by humans.

Yes, I agree; any fingerprint with enough information to be worth
bothering with is probably beyond what most humans will be willing to
memorize.

> So I think the primary use case is for the user who actually has the
> expected fingerprint written down and wants to compare it to what's
> displayed on screen.

Or - to cite my own use case - has the correct fingerprint in one
window and wants to compare it with the fingerprint displayed by an ssh
client in another window.

> I totally agree it would be nice to standardize the fingerprints.  I
> think it would make sense to

> 1. Use a stronger hash function than md5, and if standardizing
>    something new at this time I think it's prudent to also choose
>    something stronger than sha1.

Agreed on both counts.

> 2. Consider carefully what length of the fingerprint really is
>    needed, and if we think something shorter than 256 bits is good
>    enough, truncate the output of sha256 or sha3-256 or whatever
>    function is chosen.

I'm actually tending towards using multiple algorithms, each truncated
(or folded) to a short length and then concatenated, with tweaks like
the ones HMAC uses to reduce the utility to an attacker of weaknesses.
After all, we're hashing relatively small data blobs here; extra
computation is not a very big deal.

> 3. Use some more compact and/or more readable alphabet than hex.

Definitely.

>    I don't have an informed opinion on whether or not things like
>    bubble-babble or the "random ascii-art" thing really helps users.

In general, neither do I.  But I have found that, in my own case, the
base-85 encoding is _much_ more usable than the openssh-style hex.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
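
The fingerprint styles discussed in this message, computed side by side over one constructed key, as an added example that is not part of the original post. Assumptions: Python's `base64.b85encode` alphabet stands in for the unspecified base-85 encoding, and `combined_b85` with its `fp-example:` labels is only one hypothetical reading of the "multiple algorithms, truncated and concatenated" idea, not a specified format.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ed25519_blob(raw_key: bytes) -> bytes:
    """Public key blob as it appears base64-encoded in a known_hosts line."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)

def md5_hex(blob: bytes) -> str:
    """openssh-style md5 fingerprint: 16 colon-separated hex pairs."""
    d = hashlib.md5(blob).hexdigest()
    return ":".join(d[i:i + 2] for i in range(0, len(d), 2))

def sha256_b64(blob: bytes) -> str:
    """Current OpenSSH display form: unpadded base64 of SHA-256."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def truncated_b85(blob: bytes, nbytes: int = 20) -> str:
    """SHA-256 truncated to nbytes, in a more compact alphabet than hex."""
    return base64.b85encode(hashlib.sha256(blob).digest()[:nbytes]).decode()

def combined_b85(blob: bytes, nbytes: int = 10) -> str:
    """Hypothetical: two keyed hashes, each truncated, then concatenated."""
    parts = b"".join(
        hmac.new(b"fp-example:" + name.encode(), blob, name).digest()[:nbytes]
        for name in ("sha256", "sha512")
    )
    return base64.b85encode(parts).decode()

def same_fingerprint(shown: str, expected: str) -> bool:
    """Compare two displayed fingerprints, ignoring whitespace from pasting."""
    a = "".join(shown.split()).encode()
    b = "".join(expected.split()).encode()
    return hmac.compare_digest(a, b)

# Constructed sample key (not a real host key): bytes 0x00..0x1f.
SAMPLE_BLOB = ed25519_blob(bytes(range(32)))

if __name__ == "__main__":
    for fn in (md5_hex, sha256_b64, truncated_b85, combined_b85):
        print(f"{fn.__name__:14} {fn(SAMPLE_BLOB)}")
```

A 160-bit value takes 47 characters in colon-separated md5-style hex would cover only 128 bits, while the base-85 forms here carry 160 bits in 25 characters.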


