Interesting link to the digital voice project. I also found this related work some days ago:
Loud and Clear: Human-Verifiable Authentication Based on Audio http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.110.1829 As an alternative to audible communication you could also try ultrasound, but I'm not sure how well that works quality wise. Regarding end-user agency in determining when their device broadcasts their signal: if you don't want broadcasting to happen all the time (very understandable), then you probably want some kind of explicit action from the user (tap button, gesture, wiggle phone in a certain way, etc), or some implicit action (e.g. wearables that detect the performing of a handshake: http://zenodo.org/record/11163). As already noted, the "fun" factor might also play a role in going for audible fingerprints, but how do you keep it fun the 20th time that you're pairing devices? About communication of the fingerprint over the phone: maybe JackPair has some relevant insights? https://www.kickstarter.com/projects/620001568/jackpair-safeguard-your-phone-conversation -- Arne Padmos On Tue, Aug 19, 2014 at 12:53 AM, Tony Arcieri <[email protected]> wrote: > On Mon, Aug 18, 2014 at 3:49 PM, Tom Ritter <[email protected]> wrote: >> >> If you're going to make a proactive step to exchange contact >> information, your options are Audio, NFC, and Bluetooth. > > > Or something like QR codes. > > I tend to take this view of QR codes: > > http://www.dotdisruption.com/wp-content/uploads/2014/05/qr-code-flow-chart.jpg > > ...but it might actually be the lesser of all evils here. With something > like Curve25519/Ed25519, a QR code alone should be sufficient to transfer a > public key. > > -- > Tony Arcieri > > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging > _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
