Thanks for the correction - I didn't know there was a concept of edit distance for pronunciation.

Nevertheless, we still don't have a way to compare the noticeability of modifications across representations. How much phonic edit distance is equivalent to, say, the difference between modifying a character at the start of a fingerprint and modifying a character in the middle?

It seems to me that the only credible way to answer such questions is empirically. We should start by making random modifications to the data to be compared, and measuring the error rate (false positives and false negatives) for each representation. Then we can come up with some hypotheses for which modifications are more or less noticeable for each representation, and test them against the data.

*Then* we may be able to say that this modification to this representation is equally as noticeable as that modification to that representation - and if so, we can then ask which representation offers the most noticeability given an adversary with a computational budget for making least-noticeable modifications.

Trying to guess which modifications will be least noticeable for each representation before we have any data is trying to run before we can walk, in my always humble opinion. ;-)

Cheers,
Michael

On 26/05/14 11:12, Christine Corbett Moran wrote:
> Actually we can have a metric for "sound alike".
>
> It's a bit hackish, but a simple pass would be to use nltk; here's an
> example gist out there on getting pronunciation:
> https://gist.github.com/ConstantineLignos/1219749
>
> Two words "sound alike" if they have some specified edit distance
> between their two pronunciations, e.g. one phone apart, or some
> more complicated measure.
>
> C
>
>
> On Mon, May 26, 2014 at 11:55 AM, Michael Rogers
> <[email protected]> wrote:
>
> > On 26/05/14 01:15, Tom Ritter wrote:
> >> Third: Figure out how to approximate an attacker who can perform
> >> 2^80 calculations in the 'weird' cases. For a 32-character hex
> >> fingerprint, a 2^80 attacker can match 20 characters.
> >>
> >> Weird Case 1: An attacker matches the beginning and end parts of
> >> the fingerprint to try and trick someone doing a visual compare.
> >> Clearly, matching the beginning and ending 10 characters exactly
> >> is harder than matching any 20. But how much harder? Would a
> >> match of the beginning and ending 8 characters correctly
> >> characterize a 2^80 attacker?
> >
> > As I've mentioned before, I don't think we can make a fair
> > comparison of 'weird' attacks across fingerprint representations.
> >
> > Having said that... a 2^80 attacker can match 20 characters at
> > chosen positions. I don't know how to calculate how many characters
> > a 2^80 attacker could match at unchosen positions, but it seems to
> > me that it would depend on the number of positions, i.e. the length
> > of the fingerprint.
> >
> >> Weird Case 2: An attacker tries to match the fingerprint by
> >> pronunciation to try and trick someone doing a vocal compare.
> >> Again, matching 20 characters exactly and making the remaining
> >> 12 'sound alike' is harder than just matching 20. Would an
> >> attacker getting 28 characters to 'sound alike' and have the rest
> >> match exactly approximate a 2^80 attack?
> >
> > We don't even have a metric for 'sound alike', so this question
> > isn't well-founded.
> >
> > Cheers,
> > Michael
> > _______________________________________________
> > Messaging mailing list
> > [email protected]
> > https://moderncrypto.org/mailman/listinfo/messaging
>
> --
> Christine Corbett Moran
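Added example, not part of any message in this thread: one way to count how many hex characters the thread's 2^80 attacker can match at chosen versus unchosen positions, and how that depends on fingerprint length. It assumes each trial yields a uniformly random fingerprint and that "can match" means at least one expected hit within the work budget; the function names are made up for this sketch.

```python
from math import comb

HEX = 16  # possible values per fingerprint character


def max_chosen(work_bits: int, length: int) -> int:
    """Most characters matchable at positions fixed in advance."""
    # Every fixed hex character costs log2(16) = 4 bits of work.
    return min(length, work_bits // 4)


def at_least_k_matches(length: int, k: int) -> int:
    """Count hex strings of this length that agree with a target
    fingerprint in k or more positions, wherever they fall."""
    return sum(comb(length, j) * (HEX - 1) ** (length - j)
               for j in range(k, length + 1))


def max_unchosen(work_bits: int, length: int) -> int:
    """Largest k for which 2^work_bits random trials are expected to
    produce at least one fingerprint matching in any k positions."""
    total = HEX ** length
    best = 0
    for k in range(length + 1):
        # expected hits = trials * favourable / total >= 1 (exact integers)
        if (at_least_k_matches(length, k) << work_bits) >= total:
            best = k
    return best


if __name__ == "__main__":
    for n in (32, 40):  # assumed lengths: 128-bit and 160-bit fingerprints
        print(n, max_chosen(80, n), max_unchosen(80, n))
```

Under these assumptions the budget that fixes 20 chosen characters reaches 25 of 32 characters at unchosen positions, and 27 of 40 for a 40-character fingerprint. The count treats every position as equally likely to be checked and says nothing about which mismatches a person would notice.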
