[Security] Gajim 0.12's E2E encryption UI

Pedro Melo melo at simplicidade.org
Fri Aug 22 17:34:24 CDT 2008


On Aug 21, 2008, at 3:16 PM, Eric Rescorla wrote:
> On Thu, Aug 21, 2008 at 5:28 AM, Simon Josefsson <simon at josefsson.org> wrote:
>> Jonathan Schleifer <js-xmpp-security at webkeks.org> writes:
>>> GPG should only be an option and not the default, never more, as GPG
>>> is not user friendly to the average user.
>> I don't think non-technical users need to ever see anything except
>> similar user interfaces as shown earlier in this thread.
>>> It wouldn't really work with a dialog like that. We already have
>>> problems getting people to verify the SAS, how do you expect them to
>>> verify a fingerprint? ;)
>> You can transform an OpenPGP key fingerprint into a SAS-like string, if
>> that makes you feel better, and ask users to verify that.  Hash the
>> OpenPGP fingerprint, truncate it and encode it using the same length and
>> characters as used by SAS today.
> This actually isn't as secure as an SAS if done exactly this way, because
> the attacker can generate a key that matches the truncated hash via
> exhaustive search.
> What is secure is if the relying party chooses random bits out of the
> fingerprint to ask the user to check, thus forcing the full fingerprint
> to be secure. I'm not yet sure how to do a good UI for this.

You could use OpenPGP certificates in a TLS negotiation (using RFC 5081)
with the SAS extension for TLS (described here: https://
which does not have the problem you describe.

As for UI for the SAS exchange, I'm partial to the use of the Mnemonic
encoder with a GUI like this:
http://mooseyard.com/Jens/2008/04/cloudy-verification/
(page down, about three or four screens).

Best regards,
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: melo at simplicidade.org
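
Added example, not part of the original message or of any project discussed in the thread: a Python sketch of the point quoted above from Eric Rescorla, contrasting a fixed truncated hash of a fingerprint with a check in which the relying party picks random fingerprint bits. The 16-bit length, the SHA-256 and SHA-1 choices, the stand-in 20-byte fingerprints and all function names are assumptions made for the illustration.

```python
import hashlib
import secrets

SAS_BITS = 16  # constructed: deliberately tiny so the search below ends quickly

def truncated_sas(fingerprint: bytes, bits: int = SAS_BITS) -> int:
    """Fixed scheme: hash the fingerprint and keep only the top `bits` bits."""
    digest = hashlib.sha256(fingerprint).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def find_lookalike(target: bytes, bits: int = SAS_BITS) -> bytes:
    """Exhaustive search for a different fingerprint with the same short
    string. Candidates are stand-in 20-byte values, not real OpenPGP keys;
    the expected cost is about 2**bits tries."""
    want = truncated_sas(target, bits)
    counter = 0
    while True:
        counter += 1
        candidate = hashlib.sha1(counter.to_bytes(8, "big")).digest()
        if candidate != target and truncated_sas(candidate, bits) == want:
            return candidate

def pick_positions(total_bits: int, count: int) -> list[int]:
    """Relying party picks fresh, unpredictable bit positions per check."""
    return sorted(secrets.SystemRandom().sample(range(total_bits), count))

def bits_at(fingerprint: bytes, positions: list[int]) -> str:
    """Read the chosen bits (position 0 is the most significant bit)."""
    value = int.from_bytes(fingerprint, "big")
    total = len(fingerprint) * 8
    return "".join(str((value >> (total - 1 - p)) & 1) for p in positions)

def challenge_rejects(expected: bytes, presented: bytes, count: int = 16) -> bool:
    """True when the randomly chosen bits expose a mismatch."""
    positions = pick_positions(len(expected) * 8, count)
    return bits_at(expected, positions) != bits_at(presented, positions)

if __name__ == "__main__":
    genuine = hashlib.sha1(b"constructed genuine key").digest()
    lookalike = find_lookalike(genuine)
    print("same truncated string:", truncated_sas(genuine) == truncated_sas(lookalike))
    rejected = sum(challenge_rejects(genuine, lookalike) for _ in range(200))
    print("random-bit checks that caught it:", rejected, "of 200")
```

Both checks show the user 16 bits, but the truncated string is fixed in advance and can be matched offline, while the positions in the second check are unknown until verification time, so only a fingerprint that agrees in every bit is certain to pass.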
