[OTR-dev] mod_otr: man in the middle implementation for ejabberd

Paul Wouters paul at cypherpunks.ca
Mon Apr 2 02:04:07 EDT 2007


On Sat, 31 Mar 2007, Donny Viszneki wrote:

> However, I do acknowledge that the idea of the fingerprint is not one
> that has experienced a great deal of penetration into the collective
> of mainstream computer users.

Using the "session id" is easier for "non computer experts". I have
been thinking how to make it more friendly towards "non computer experts".
Perhaps we could permanently display the session-id somewhere.

Another issue is that no non-expert will even realise to right-click the OTR
button. The alternative via pop-ups though is also not a good way, and
annoys the heck out of the more expert users.


> I have been rolling around an idea in my mind for a long time to
> improve the utility of fingerprint/checksum mechanisms by making
> fingerprints more memorable. What if the output of a hash weren't such
> tightly packed, seemingly random data? What if you plugged
> fingerprints into a dictionary file and got out a couple of words
> instead? What if you plugged it into a clipart library? Or the Library
> of Congress?

Similar things have been done before, such as bubble-babble.

> As mentioned earlier, I'm sure a lot of research could be invested in
> determining which techniques produce the most effective output.

I'm not sure how that all fits into the fingerprint of the *other*
user....

Paul


