-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Are key IDs good security UX? #8
Comments
I have mixed feelings about this. All technologies have aspects of that technology that the user must understand, from riding a bicycle to flying in a airplane. I the web you need to know about urls and "refresh". I think the idea that people can't understand crypto is wrong. It's that people try to explain it by talking about advanced math. You don't need to understand the math, you just need to understand it's properties. take for example this fary tail: http://en.wikipedia.org/wiki/Rumplestiltskin It is basically about asymetric cryptography. The imp spins straw into gold (mining bitcoin?). As is mentioned in the Variant section many (most?) cultures have a variant of the same story. |
Also, people can handle phone numbers, credit card numbers, and bitcoin addresses. People understand the concept of DNA or a fingerprint being unique identifiers. We should certainly avoid the need to have people copy or manually enter in hashes, |
Also, to use facebook people still need to understand things about how facebook works, |
I agree on all counts (and we should check if rumplestiltskin wasn't a written by a time-traveling satoshi). My problem isn't that people can't handle an id- it's that an attacker can generate a collision id, and people will have learned to rely on its uniqueness. If you can't really trust an id fully, then you'll have to also check the public key and the mutual followers, so the id wasn't a benefit. If we can do a 32 byte ECC, that'll be in the ballpark of a credit card...
That's not bad at all |
absolutely. |
we are addressing this using https://github.com/pfraze/base-emoji |
I love this. ❤️ 👍 it's a great idea for interfacing with humans. |
@jbenet you should install phoenix and see what your emoji name is! |
Thoughtful post on this: https://www.debian-administration.org/users/dkg/weblog/105. I love the proquint, but I wonder if we're better of relying on the WoT?
The text was updated successfully, but these errors were encountered: