
How to represent visually a number (like a key or hash) on a screen for visual comparison with another representation of that number on another screen (or another window) in such a way that it would be very hard for an adversary (who knows the correct answer) to convince the user that different numbers are equal?

The applications would typically be to display a hash for the purpose of reliable but not too cumbersome user verification.

REMARK:

In the discussion, a "moved goalpost" was described as: "How to display two numbers for comparison when an attacker knows one number and can control the other, and the user isn't willing to look at more than a few characters?"

That's almost the question: the question is how to graphically show these numbers, for the purpose of visual comparison, as users probably will not want to carefully compare more than a few hex digits (or more than the first two).

curiousguy
  • I hope this doesn't just get suggestions and opinion answers. I already have one. (Insert a space between every four hexadecimal characters.) Citing results from a formal experiment would be much more interesting. – Future Security Dec 10 '19 at 23:28
  • [Identicons](https://en.wikipedia.org/wiki/Identicon) are an existing solution here. – Stephen Touset Dec 10 '19 at 23:47
  • @StephenTouset Identicons can be brute forced, as they can only represent a small number of bits. – Future Security Dec 11 '19 at 00:07
  • @StephenTouset That seems like a great suggestion. You should post it as an answer – Conor Mancone Dec 11 '19 at 00:15
  • I would combine both ideas, the one of hash of hash by ConorMancone and the identicon by stephentouset and present the identicon together with the hash of the hash to the user. User can then compare visually identicons and if identicons are exact, diff the 2 hashes. – LLub Dec 11 '19 at 00:28
  • OpenSSH used [randomart (ASCII) image](https://unix.stackexchange.com/questions/144702/whats-the-purpose-of-the-randomart-image-for-user-not-host-ssh-keys#144727) for this purpose. If you need to write an application that uses this kind of visual hash, there's a number of alternatives for [random visual hashes](https://visual-hash.readthedocs.io/en/latest/) that have similar properties for use in graphical key comparison. – Lie Ryan Dec 11 '19 at 03:49
  • @LieRyan Please don't post answers as comments. –  Dec 11 '19 at 06:56
  • https://github.com/drhus/awesome-identicons – forest Dec 11 '19 at 10:37
  • For good security, it may simply be that more work is required to be done by the user. You cannot guarantee the correctness of hundreds of bytes of data, for example, if comparing two hex characters or looking at five lines or three rectangles is all you can ask for. – caw Dec 13 '19 at 19:20

2 Answers


Display one number directly below the other. Slowly move the two numbers on top of one another until they overlap. If they perfectly coincide, they're the same number.

For bonus points, make one number in yellow, another in blue. Combined they make green.

Steve Sether
  • This won't work on different screens... – ThoriumBR Dec 11 '19 at 10:20
  • @ThoriumBR print the two numbers on transparency paper, and compare them. The inherent problem with this question is that it implies you have a lazy end user without a tool to compare them. The only real solution is to invent a tool since humans are just bad at this task, and computers good. – Steve Sether Dec 11 '19 at 15:41

Shower thoughts: train a Neural Network to generate 64x64 pixel faces (or cats, or flags, or flowers), using some properties of the numbers (a hash, a log, the remainder of a division by some prime). As soon as the network generates good looking faces (or flags, or cats), use it to transform the numbers into icons.

To avoid second pre-image attacks, add a second neural network trained to generate a different kind of icon, trained with a different dataset. Have both generating images based on the number, and show both icons to the user.

Show the icons to the user. It will be easy to tell if the numbers are the same, and will be very difficult for an adversary to brute-force the generation algorithm without getting all your training data. Generating a similar image on both generators without the training data will be practically impossible, even if the attacker controls both numbers.

ThoriumBR
  • This alone doesn't necessarily do a great job, or even a good one. You need to actually preserve the important properties of hashes. For instance, it should be second pre-image resistant, so that knowing an input value shouldn't allow us to create a second output image that looks similar to the first one. As a pathologically-bad example, a naïvely-trained neural net could produce nothing but unique-yet-similar faces. This would be worse than useless from a security perspective. – Stephen Touset Dec 11 '19 at 03:30
  • That's why it needs proper training. Using 2 dissimilar networks (one generates cats, other generates people) will be second pre-image resistant, as it's almost impossible to both generate similar icons for the same different numbers. – ThoriumBR Dec 11 '19 at 10:17
  • I really don't think there's any compelling reason to invoke NNs here. Existing graphical approaches don't use them, and using something like an NN only makes it more difficult to prove beyond a reasonable doubt that outputs will be visually distinct for one-bit differences in the input. – Stephen Touset Dec 11 '19 at 20:05