On 2014-11-19 at 09:55, Lars Magne Ingebrigtsen wrote:
> Toke Høiland-Jørgensen writes:
>> Finally, GnuTLS has the ability to generate ASCII art of the certificate
>> public key, like this:
>>
>> Public key's random art:
>> +--[ RSA 4096]----+
>> | ..o .|
>> | ooo.o|
>> | .o..o|
>> | . o + .|
>> | . S = E |
>> | o . o . |
>> | = o . o |
>> | B .. .... |
>> | .+ oo..o++ |
>> +-----------------+
>
> Unfortunately, this seems to have been introduced in a later version of
> the library than what I have on my development machine, so I haven't
> been able to test.
>
>> Supposedly, this should make it possible to verify a certificate at a
>> glance (relying on human visual memory being superior to our ability to
>> recognise long strings of alphanumericals). Might be worthwhile to
>> include this in (some of) the popups? Can't really figure out if I think
>> it's just a gimmick, or what, but I thought I'd suggest it. Gnutls-cli
>> uses it... The function is gnutls_random_art().
>
> Yeah, I don't know either whether it's useful. Does anybody else have
> an opinion? Anybody ever found the "random art" handy?

Hexadecimal fingerprints are hard to check. At least if someone wants to
take less time she just checks some last or first characters, and that can
be easily faked, and is not secure. There’s no way with a hexadecimal
string to do a “global approximate check”, which could really accord
security with a fingerprint.

ASCII art, and images in general, are really easily checkable: it takes
only 2s, and done. It also exists in graphical form; it’s named vizhash:
it just computes simple colored (shaped or not) forms (triangles, circles…)
according to the output of long hash functions. It’s *really* efficient to
check things.

I’d love to see Emacs being the pioneer of introducing this nice feature
to the end user; GNUnet should be the next.
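
The random art discussed in this thread, as an added example that is not part of the original e-mail and is not GnuTLS code: a minimal C rendering of the "drunken bishop" walk that OpenSSH uses for its visual host keys, assumed here to be the same scheme gnutls_random_art() draws. The name random_art and the two 16-byte fingerprints are constructed for illustration; the fingerprints share their first two and last two bytes, the case where a check of only the leading or trailing hex characters passes, yet the pictures differ.

```c
#include <stdio.h>
#include <string.h>

#define ART_W 17  /* field size OpenSSH uses for its visual host key */
#define ART_H 9

/* Constructed sample fingerprints: identical first and last two bytes. */
static const unsigned char FP_A[16] = {0};
static const unsigned char FP_B[16] = {0, 0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0};

/* Walk the fingerprint two bits at a time ("drunken bishop") and render the
 * visit counts as characters. Assumption: same walk as gnutls_random_art(). */
void random_art(const unsigned char *fp, size_t len, char out[ART_H][ART_W + 1])
{
    static const char symbols[] = " .o+=*BOX@%&#/^SE";
    const int end = (int)sizeof(symbols) - 2;      /* index of 'E' */
    unsigned char field[ART_H][ART_W] = {{0}};
    int x = ART_W / 2, y = ART_H / 2;              /* start in the centre */

    for (size_t i = 0; i < len; i++) {
        unsigned char in = fp[i];
        for (int b = 0; b < 4; b++, in >>= 2) {    /* low bit pair first */
            x += (in & 1) ? 1 : -1;                /* bit 0: right or left */
            y += (in & 2) ? 1 : -1;                /* bit 1: down or up */
            x = x < 0 ? 0 : (x > ART_W - 1 ? ART_W - 1 : x);
            y = y < 0 ? 0 : (y > ART_H - 1 ? ART_H - 1 : y);
            if (field[y][x] < end - 2)
                field[y][x]++;                     /* saturate below 'S' */
        }
    }
    field[ART_H / 2][ART_W / 2] = end - 1;         /* 'S' marks the start */
    field[y][x] = end;                             /* 'E' marks the end */
    for (int r = 0; r < ART_H; r++) {
        for (int c = 0; c < ART_W; c++)
            out[r][c] = symbols[field[r][c]];
        out[r][ART_W] = '\0';
    }
}

int main(void)
{
    char a[ART_H][ART_W + 1], b[ART_H][ART_W + 1];
    random_art(FP_A, sizeof(FP_A), a);
    random_art(FP_B, sizeof(FP_B), b);
    for (int r = 0; r < ART_H; r++)
        printf("|%s|  |%s|\n", a[r], b[r]);
    printf("identical: %s\n", memcmp(a, b, sizeof(a)) ? "no" : "yes");
    return 0;
}
```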