[OTR-dev] mod_otr: man in the middle implementation for ejabberd
Paul Wouters
paul at cypherpunks.ca
Mon Apr 2 02:04:07 EDT 2007

On Sat, 31 Mar 2007, Donny Viszneki wrote:

> However, I do acknowledge that the idea of the fingerprint is not one
> that has experienced a great deal of penetration into the collective
> of mainstream computer users.

Using the "session id" is easier for "non computer experts". I have
been thinking how to make it more friendly towards "non computer experts".
Perhaps we could permanently display the session-id somewhere.

Another issue is that no non-expert will even realise to right-click the OTR
button. The alternative via pop-ups though is also not a good way, and
annoys the heck out of the more expert users.

> I have been rolling around an idea in my mind for a long time to
> improve the utility of fingerprint/checksum mechanisms by making
> fingerprints more memorable. What if the output of a hash weren't such
> tightly packed, seemingly random data? What if you plugged
> fingerprints into a dictionary file and got out a couple of words
> instead? What if you plugged it into a clipart library? Or the library
> of congress?

Similar things have been done before, such as bubble-babble.

> As mentioned earlier, I'm sure a lot of research could be invested in
> determining which techniques produce the most effective output.

I'm not sure how that all fits into the fingerprint of the *other*
user....

Paul