Comment Re:How hard is it to found a collision? (Score 2) 86
If you are not doing anything special to filter the images, it's not terribly difficult to find a duplicate. If Alice is concerned about her security, she would do well to check every bit of her fingerprint twice. If Alice is my grandmother, on the other hand, I would be lucky if she even glances at the fingerprint at all, much less verifying it. In short, the point of Vash is to augment existing security mechanisms to make them more accessible to an audience with less understanding of public key cryptography. It's definitely not as good as the raw hex string, but it should allow you to use public key cryptography at all in markets where you might not have wanted to before.
That said, you really should be filtering the outputs. A good keygen implementation will need to take into account the visual properties of the output signature, as well as the cryptographic properties of the key (e.g. so that you can have a checkbox for colorblindness in your UI). The generator is random and will occasionally spit out images that are just obviously not useful and filtering the outputs solves many of these problems. If your keys are distributed centrally, the problem is even easier because you can conceivably ensure that all images are sufficiently different from one another.