Re: Network security manager

From: Garreau, Alexandre
Subject: Re: Network security manager
Date: Wed, 19 Nov 2014 13:05:29 +0100
User-agent: Gnus (5.13), GNU Emacs 24.4.1 (i586-pc-linux-gnu)

On 2014-11-19 at 09:55, Lars Magne Ingebrigtsen wrote:
> Toke Høiland-Jørgensen <address@hidden> writes:
>> Finally, GnuTLS has the ability to generate ASCII art of the certificate
>> public key, like this:
>>      Public key's random art:
>>              +--[ RSA 4096]----+
>>              |           ..o  .|
>>              |            ooo.o|
>>              |            .o..o|
>>              |       .    o + .|
>>              |      . S    = E |
>>              |     o . o  .    |
>>              |      = o .  o   |
>>              |       B .. .... |
>>              |     .+ oo..o++  |
>>              +-----------------+
> Unfortunately, this seems to have been introduced in a later version of
> the library than what I have on my development machine, so I haven't
> been able to test.
>> Supposedly, this should make it possible to verify a certificate at a
>> glance (relying on human visual memory being superior to our ability to
>> recognise long strings of alphanumericals). Might be worthwhile to
>> include this in (some of) the popups? Can't really figure out if I think
>> it's just a gimmick, or what, but I thought I'd suggest it. Gnutls-cli
>> uses it... The function is gnutls_random_art().
> Yeah, I don't know either whether it's useful.  Does anybody else have
> an opinion?  Anybody ever found the "random art" handy?

Hexadecimal fingerprints are hard to check. At least if someone wants to
take less time she just checks some last or first characters, and that
can be easily faked, and is not secure. There’s no way with a
hexadecimal string to do a “global approximative check”, which could
really accord security with a fingerprint.

ASCII art, and images in general, are really easily checkable, it takes
only 2s, and done. It also exists in graphic form, it’s named vizhash: it
just computes simple colored (shaped or not) forms (triangles, circles…)
according to the output of long hash functions. It’s *really* efficient to
check things.

I’d love to see Emacs being the pioneer of introducing this nice feature
to the end user, GNUnet should be the next.
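
Added illustration of the point discussed in this thread (not part of the original message, and not GnuTLS or Emacs code): a Python implementation of the "drunken bishop" walk that OpenSSH uses for its random art, run over two constructed digests that share their first and last four bytes. The field size and symbol set follow OpenSSH; that other tools draw their art the same way is an assumption of this example.

```python
# Added example: OpenSSH-style "drunken bishop" random art over a digest.
# Assumption: 17x9 field and symbol set as in OpenSSH's visual host key.
SYMBOLS = " .o+=*BOX@%&#/^SE"   # visit counts 0..14, then 'S' start, 'E' end
WIDTH, HEIGHT = 17, 9


def random_art(digest):
    """Return the art as a list of HEIGHT strings, each WIDTH characters."""
    field = [[0] * WIDTH for _ in range(HEIGHT)]
    x, y = WIDTH // 2, HEIGHT // 2
    for byte in digest:
        for _ in range(4):                      # four 2-bit moves, low bits first
            x += 1 if byte & 0x1 else -1
            y += 1 if byte & 0x2 else -1
            x = min(max(x, 0), WIDTH - 1)       # walls stop the bishop
            y = min(max(y, 0), HEIGHT - 1)
            if field[y][x] < len(SYMBOLS) - 3:  # visit counter saturates at '^'
                field[y][x] += 1
            byte >>= 2
    field[HEIGHT // 2][WIDTH // 2] = len(SYMBOLS) - 2   # mark start with 'S'
    field[y][x] = len(SYMBOLS) - 1                      # mark end with 'E'
    return ["".join(SYMBOLS[v] for v in row) for row in field]


def ends_match(a, b, n=8):
    """The shortcut check: compare only the first and last n hex characters."""
    ha, hb = a.hex(), b.hex()
    return ha[:n] == hb[:n] and ha[-n:] == hb[-n:]


def framed(rows):
    """Draw a border around the art rows for printing."""
    bar = "+" + "-" * WIDTH + "+"
    return "\n".join([bar] + ["|" + r + "|" for r in rows] + [bar])


# Constructed 32-byte digests (not real fingerprints): identical first and
# last 4 bytes, different middle.
DIGEST_A = bytes.fromhex("a1b2c3d4" + "00" * 24 + "e5f60718")
DIGEST_B = bytes.fromhex("a1b2c3d4" + "ff" * 24 + "e5f60718")

if __name__ == "__main__":
    print("first/last 8 hex chars match:", ends_match(DIGEST_A, DIGEST_B))
    print(framed(random_art(DIGEST_A)))
    print(framed(random_art(DIGEST_B)))
```

The two digests pass the first-and-last-characters comparison, while their pictures differ across most of the field because every byte moves the walk.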
