all InfoSec news
The Effect of Length on Key Fingerprint Verification Security and Usability. (arXiv:2306.04574v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
In applications such as end-to-end encrypted instant messaging, secure email,
and device pairing, users need to compare key fingerprints to detect
impersonation and adversary-in-the-middle attacks. Key fingerprints are usually
computed as truncated hashes of each party's view of the channel keys, encoded
as an alphanumeric or numeric string, and compared out-of-band, e.g. manually,
to detect any inconsistencies. Previous work has extensively studied the
usability of various verification strategies and encoding formats, however, the
exact effect of key fingerprint length on …
adversary adversary-in-the-middle applications attacks channel detect device email encrypted end end-to-end fingerprint fingerprints hashes impersonation instant messaging key keys length messaging party secure email security truncated usability verification