[Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)

Perry E. Metzger perry at piermont.com
Wed Aug 28 11:52:38 EDT 2013


On Wed, 28 Aug 2013 10:24:43 -0400 Jerry Leichter <leichter at lrw.com>
wrote:
> > I wouldn't know how to trust publication online in the first
> > place.
>
> In exactly the same way you trust paper publications that contain
> today's style of addresses.

But I don't. As I said, I typically get a friend or collaborator's
email address from them or from someone else I know. I don't get them
from paper publications, or QR codes. Often as not they are literally
written on cocktail napkins at conference receptions.

> > "Perry Metzger's email is <big string>"
> > "How do I know that's true?"
> And exactly how is this different from "Perry Metzger's email is
> perry at piermont.com"?

If you meet me and I say it to you, I'm probably reasonably correct
about it. If you ask a mutual friend what it is (possibly by email),
they're probably reasonably correct.

> A minority of people have addresses that are easy to remember.

That's not true, actually. I know because I make a habit of not using
an address book in my mail program. In any case, "easy to remember"
isn't the issue, "easy to scribble down accurately" is.

> Most - by far the majority - have some random-looking set of
> letters and digits with some part of their first or last name or a
> nickname embedded somewhere inside at gmail or yahoo or some
> institution.

So, I just did a check. I have a file with all the addresses I care
about in it (I manually cut and paste them into email when I want
to.) It has 625 addresses in it. Of those, 47 have digits in them. I
note that the vast majority of those are addresses of people at
Columbia University, which has a particularly bad naming system but
where I have a lot of correspondents. Of the rest, the majority are
things like "matt at example.com", or "joe.example at gmail.com" -- easy to
write on a cocktail napkin.

I note exactly none of the addresses contain 10 digits of base 64.
Even the numeric ones are things like "jrn26" for someone with those
initials, which is pretty easy to scribble down.

> Frankly, I have trouble remembering the last time I got someone's
> email address by having them tell it to me.

For me, it was Monday, over the phone.

Anyway, we both have our opinions here, I'm sure we're not going to
come to a single agreement. I'm implementing something based on my
hunches, I invite others to do the same.

Let a thousand flowers bloom...

Perry
-- 
Perry E. Metzger		perry at piermont.com


More information about the cryptography mailing list