From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Sun, 23 Nov 2014 21:36:51 +0100
To: "Garreau, Alexandre"
Cc: Toke Høiland-Jørgensen, emacs-devel@gnu.org

"Garreau, Alexandre" writes:

> No, the developers had the idea and gave some examples of usages
> (background change within firefox according domain name's vizhash to
> prevent unicode-phishing for instance, or password verification, or
> things like that) without taking care of spreading the idea (which I
> think could have a real success).

Right.

> Oh, I thought gnutls could give an md5 of pubkey since certtool --info
> give the md5sum just before the sha1… Anyway if it's to gnutls to
> calculate it it means it'll be less secure and more likely to find
> collisions… :/

If I remember correctly, it gives both md5 and sha1 of the certificate
ID, but not the public key ID. The gnutls function for getting the
public key ID is gnutls_x509_crt_get_key_id, which does not take the
hashing function as an input -- it just outputs the sha1.

My take on the situation is that I think stuff like this:

  function hashString(text) {
    var hash = hex_sha1(text) + hex_md5(text);
    return hash + hash.split('').reverse().join('');
  }

(i.e., sha1+md5, and then add a reversed version of that to get plenty
of values to make drawings out of) is unlikely to get much uptake as a
visualisation method throughout the industry.

I like the idea: Showing a (somewhat) memorable image (and it's
certainly a lot more memorable than the ssh "random art"). But if this
doesn't get any uptake outside of Emacs, is it worth doing in Emacs?

Of course, the images we show in Emacs could be Emacs-"proprietary".
But then we could just disregard the vizhash implementation completely
and do our own algorithm based on better hashes. I think.

Anyway, to implement the algorithm as is, we'd have to replicate most of
gnutls_x509_crt_get_key_id to get at the md5. That's not a major
issue, but...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
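
Added example (not part of the original message, and not vizhash, gnutls or Emacs code): the quoted hashString construction rebuilt on Node's crypto module, next to a hypothetical SHA-256 expansion of the kind the message calls "our own algorithm based on better hashes". The names expandSha256 and independentHexDigits and the sample input are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Hex digest helper standing in for the hex_sha1/hex_md5 helpers of the quoted snippet.
const hex = (alg, data) => crypto.createHash(alg).update(data).digest('hex');

// Same construction as the snippet quoted in the message:
// sha1 + md5 (40 + 32 hex digits), then the mirror image appended.
function hashString(text) {
  const hash = hex('sha1', text) + hex('md5', text);
  return hash + hash.split('').reverse().join('');
}

// Hypothetical alternative: stretch a single SHA-256 digest to nHex hex
// digits by hashing digest || counter. Every output digit then depends on
// SHA-256 alone; the output still carries at most 256 bits of the input.
function expandSha256(text, nHex) {
  const seed = crypto.createHash('sha256').update(text).digest();
  let out = '';
  for (let counter = 0; out.length < nHex; counter++) {
    const ctr = Buffer.alloc(4);
    ctr.writeUInt32BE(counter);
    out += crypto.createHash('sha256').update(seed).update(ctr).digest('hex');
  }
  return out.slice(0, nHex);
}

// Crude check: if the second half is the mirror of the first, only the
// first half carries information; otherwise count every digit.
function independentHexDigits(s) {
  const half = s.length / 2;
  const mirrored =
    s.slice(0, half).split('').reverse().join('') === s.slice(half);
  return mirrored ? half : s.length;
}

// Constructed sample input standing in for the bytes that get visualised.
const sample = 'constructed-sample-public-key-bytes';
const vizhashStyle = hashString(sample);
const sha256Style = expandSha256(sample, vizhashStyle.length);

console.log('vizhash-style digits:', vizhashStyle.length,
            'independent:', independentHexDigits(vizhashStyle));
console.log('sha256-style digits: ', sha256Style.length,
            'independent:', independentHexDigits(sha256Style));
```

The mirrored half gives the drawing code twice as many values to consume, but an observer comparing two images learns nothing from it that the first 72 digits did not already show.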