points by nwh 12 years ago

The interesting thing with the graphic patterns is that they're lossy. If you assume that a person will just describe the pattern or show a picture of them to one another, it becomes fairly easy to forge them.

http://telegram.org/img/key_image.jpg

Blue in the top and bottom, white line through the middle. So little information that anybody could simply brute force the keys until they found one that matched the description well enough.

I'd happily write a little attack for that, but it's clearly not "breaking" the system enough for the bounty.

sneak 12 years ago

Someone did exactly this "fuzzy fingerprint" attack for ssh host keys in 2003:

https://www.thc.org/papers/ffp.html

  • nwh 12 years ago

    That was a very good read that I wasn't aware of, thanks for the URL.