[Security] Gajim 0.12's E2E encryption UI
justin at affinix.com
Fri Aug 22 22:48:52 CDT 2008
On Friday 22 August 2008 15:34:24 Pedro Melo wrote:
> As for UI for the SAS exchange, I'm partial to the use of the
> Mnemonic encoder with a GUI like this:
> http://mooseyard.com/Jens/2008/04/cloudy-verification/
> (page down, about three or four screens).

I was wondering when I'd finally see something like this! I've long thought
that a good solution for fingerprint verification would be to ask the user
for the fingerprint rather than to simply display it. The approach Jens uses
is the same fundamental idea: intentionally withhold information and force
the user to do work.

Sure, it's really annoying to have to do any kind of work, but I do think this
approach could succeed as long as it is possible to skip the validation.

People just want to get things done. If you say "verify this code" and you
show them the code, and the only options are to proceed with a verified code
or not proceed at all, then people are just going to lie to your software and
press "okay" (see SSH). If you say "obtain the code out-of-band", and the
only options are to proceed with the code or not at all, then people are just
going to lie to your software by obtaining the code in-band.

If, however, you say "obtain the code out-of-band", and the options are to
proceed with a code or proceed without a code, now we are getting somewhere.
Like, I think people might actually stop lying to our software.

For example, suppose you're faced with the prompt:

"To trust Joe, obtain Joe's code out-of-band and type it below:"

(Okay) (Skip entering code for now)

If you press "skip", then you get to immediately communicate with Joe, without
assurance that Joe really is Joe. You could obtain the code in-band and then
choose "okay", but what benefit does that get you? You still don't have
assurance that Joe really is Joe. All you've done is tricked your own
software and effectively lied to yourself.

BTW, I'm intrigued by the approach Jens uses, because it takes the geek edge
off. Having to type in a code is geeky. Having to pick from a multiple
choice list of codes would be geeky, too. Having to pick from a list of
three-word combinations is at least slightly lower on the geek-o-meter. :)