[Security] Gajim 0.12's E2E encryption UI

Justin Karneges justin at affinix.com
Fri Aug 22 22:48:52 CDT 2008


On Friday 22 August 2008 15:34:24 Pedro Melo wrote:
> As for UI for the SAS exchange, I'm partial to the use of the
> Mnemonic encoder with a GUI like this:
> http://mooseyard.com/Jens/2008/04/cloudy-verification/
> (page down, about three or four screens).

I was wondering when I'd finally see something like this!  I've long thought 
that a good solution for fingerprint verification would be to ask the user 
for the fingerprint rather than to simply display it.  The approach Jens uses 
is the same fundamental idea: intentionally withhold information and force 
the user to do work.

Sure, it's really annoying to have to do any kind of work, but I do think this 
approach could succeed as long as it is possible to skip the validation.

People just want to get things done.  If you say "verify this code" and you 
show them the code, and the only options are to proceed with a verified code 
or not proceed at all, then people are just going to lie to your software and 
press "okay" (see SSH).  If you say "obtain the code out-of-band", and the 
only options are to proceed with the code or not at all, then people are just 
going to lie to your software by obtaining the code in-band.

If, however, you say "obtain the code out-of-band", and the options are to 
proceed with a code or proceed without a code, now we are getting somewhere.  
Like, I think people might actually stop lying to our software.

For example, suppose you're faced with the prompt:
  "To trust Joe, obtain Joe's code out-of-band and type it below:"
  Code: [...........]
  (Okay) (Skip entering code for now)

If you press "skip", then you get to immediately communicate with Joe, without 
assurance that Joe really is Joe.  You could obtain the code in-band and then 
choose "okay", but what benefit does that get you?  You still don't have 
assurance that Joe really is Joe.  All you've done is tricked your own 
software and effectively lied to yourself.

BTW, I'm intrigued by the approach Jens uses, because it takes the geek edge 
off.  Having to type in a code is geeky.  Having to pick from a multiple 
choice list of codes would be geeky, too.  Having to pick from a list of 
three-word combinations is at least slightly lower on the geek-o-meter. :)

-Justin
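
The prompt described in the message above, sketched as an added example that is not part of the original post or of Gajim's code: the client never displays the expected code, and "skip" produces an explicit unverified state instead of a false "verified". The word list, the SHA-256 derivation (a stand-in, not the SAS algorithm under discussion) and the names `sas_words`, `check_entry` and `Trust` are assumptions made for illustration.

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional

# Constructed 16-word list, for illustration only (3 words = 12 bits).
WORDS = ["amber", "birch", "coral", "delta", "ember", "fjord", "grove", "harbor",
         "iris", "jade", "kite", "lotus", "maple", "north", "opal", "pine"]

class Trust(Enum):
    VERIFIED = "verified"      # typed code matches the key we hold for the peer
    UNVERIFIED = "unverified"  # user skipped: chat proceeds without assurance
    MISMATCH = "mismatch"      # typed code differs: never mark the key trusted

def sas_words(fingerprint: bytes, n_words: int = 3) -> str:
    """Stand-in derivation: hash the key fingerprint and map bytes to words."""
    digest = hashlib.sha256(fingerprint).digest()
    return " ".join(WORDS[b % len(WORDS)] for b in digest[:n_words])

def normalize(code: str) -> str:
    """Ignore case and spacing differences in what the user typed."""
    return " ".join(code.lower().split())

def check_entry(peer_fingerprint: bytes, typed: Optional[str]) -> Trust:
    """Compare the typed code with the one derived locally; never display it.

    typed is None when the user pressed "Skip entering code for now".
    """
    if typed is None:
        return Trust.UNVERIFIED
    expected = sas_words(peer_fingerprint)
    same = hmac.compare_digest(normalize(typed).encode(), expected.encode())
    return Trust.VERIFIED if same else Trust.MISMATCH

if __name__ == "__main__":
    joe_fp = b"constructed-fingerprint-for-joe"   # constructed sample value
    code_from_joe = sas_words(joe_fp)              # what Joe reads out by phone
    print(check_entry(joe_fp, code_from_joe))      # code typed correctly
    print(check_entry(joe_fp, None))               # user pressed skip
```

Because the local client only compares and never shows the code, the only way to reach `VERIFIED` is to type what the peer's own client displayed.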

