Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Re:How hard is it to found a collision? (Score 2) 86

If you are not doing anything special to filter the images, it's not terribly difficult to find a duplicate. If Alice is concerned about her security, she would do well to check every bit of her fingerprint twice. If Alice is my grandmother, on the other hand, I would be lucky if she even glances at the fingerprint at all, much less verifying it. In short, the point of Vash is to augment existing security mechanisms to make them more accessible to an audience with less understanding of public key cryptography. It's definitely not as good as the raw hex string, but it should allow you to use public key cryptography at all in markets where you might not have wanted to before.

That said, you really should be filtering the outputs. A good keygen implementation will need to take into account the visual properties of the output signature, as well as the cryptographic properties of the key (e.g. so that you can have a checkbox for colorblindness in your UI). The generator is random and will occasionally spit out images that are just obviously not useful and filtering the outputs solves many of these problems. If your keys are distributed centrally, the problem is even easier because you can conceivably ensure that all images are sufficiently different from one another.

Comment Re:looks to be suffering from graphic repetition (Score 1) 86

If you are building a system that uses hashes that cannot upgrade cleanly when the hash function it is using is compromised, then your system has a serious design problem. Our documentation notes that you should store the algorithm identifier alongside the hash because not doing so is simply wrong, no matter what hash function you are using, visual or otherwise.

Comment Re:looks to be suffering from graphic repetition (Score 1) 86

Finally, I would suggest creating many significant improvements and then stopping. You know what makes Cryptographic Hashing functions useful? The fact that, given the same inputs, version 0.9alpha and version 99-nonnillion point oh of a SHA-512 implementation will always generate the same results.

This is the purpose of the algorithm string. The same algorithm string and data pairing will produce the same images, regardless of Vash's version.

Comment Re:looks to be suffering from graphic repetition (Score 0) 86

Thanks for the insight into its inner workings. I hadn't read about Mersenne Twisters before.

You are quite welcome.

What about using diamond-square fractals (e.g. plasma/cloud fractals - http://en.wikipedia.org/wiki/Plasma_fractal) to generate unique terrain? I would think humans might recognize differences in terrain (which our brains have probably evolved to do) more readily than differences in abstract images.

An excellent idea, thank you. I'm always on the lookout for more distinctive shapes to use as inputs and this thread has been most bountiful in that regard.

Comment Re:Pretty but... (Score 1) 86

... and you may want to add sub-parameters, including, not just a set of good node frequencies or other parameters of the node walk, am I making sense?

I've already got an issue in the tracker for that :-). I want to make the full suite of low-level parameters tweakable through a special algorithm string, so that people can make their own unique stylings using Vash's generator, without having to do any coding.

Comment Re:looks to be suffering from graphic repetition (Score 1) 86

Individual bit flips will lead to wildly different images. What's actually going on behind the curtain is: the input data gets run through SHA512, which seeds a Mersenne Twister, which drives a guided random walk over a collection of input nodes to build a tree. Random elements (like position and color) are only a very small part of the algorithm. However, as you note, we really do need more terminal elements, and that is one of the main things I want to do for version 2.

Comment Re:Pretty but... (Score 2) 86

(Why the readme file is README.md, I can't guess.)

.md is the extension for MarkDown, which github automatically turns into pretty html.

(You specify the hashing algorithm by a parameter, and, no, they don't recommend the parameter that specifies MD5. I didn't read far enough to guess as to why the parameter is not the name of the algorithm.)

The algorithm string also controls the node frequencies of the guided random walk that builds the function tree. Different algorithm specifiers can give you wildly different looking images. At the moment, it just changes the hash function, but future versions will add new node types and need a way to those parameters to generate backwards-compatible images.

Slashdot Top Deals

Men take only their needs into consideration -- never their abilities. -- Napoleon Bonaparte