On 2013-09-01 11:16 AM, Jeremy Stanley wrote:
At free software conferences, where there is heavy community penetration for OpenPGP already, it is common for many of us to bring business cards (or even just slips of paper) with our name, E-mail address and 160-bit key fingerprint. Useful not only for key signing (when accompanied by photo identification), but also simply allows someone to retrieve your key from a public keyserver and confirm the fingerprint matches the one you handed them.
The average user is disturbed by the sight a 160 bit hash.
When posting graphic images on my blog, I have to name the image twice, once when I store it on my website, and once when I reference it in a post. Despite the fact that the names are meaningful and human readable, and the total number of images is not unreasonably large, I find it quite difficult to enter exactly the same name the same way twice. Much of the time the image mysteriously fails to appear, even though I cannot see any typo, the two spellings right in front of me look exactly alike.
The end user's instinctive fear of 160 bit hashes is well founded.. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
