9

OpenSSH can show a visual representation of fingerprints with VisualHostKey; see the announcement at O'Reilly and here. The output looks approximately like this:

```
# Host github.com found: line 53 type RSA
2048 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48 |1|LCbDN2wZEUdf/m4pYL7OUiOk2RM=|QZw5k6xHgVjYct4Ja7VUUK0ZObs= (RSA)
+--[ RSA 2048]----+
|        .        |
|       + .       |
|      . B .      |
|     o * +       |
|    X * S        |
|   + O o . .     |
|    .   E . o    |
|       . . o     |
|        . .      |
+-----------------+
```

I am wondering and could not find any literature on this, how "visually unique" are the resulting patterns? I.e. how difficult is it to create a near collision not in fingerprint space but in the image space? In the above example, most users would probably not notice if some o were replaced by . or O by 0.

Are there published results about the cryptographic strength of random art against pre-image attacks (pun intended)?

quazgar

1 Answer

4

The visual fingerprint was introduced in OpenSSH version 5.1. The basic idea behind this feature is, firstly, that humans are unreliable at comparing meaningless strings and, secondly, that it is easier to remember visual patterns.

An explanation of the OpenSSH algorithm is given by Dirk Loss, Tobias Limmer, and Alexander von Gernler in "The drunken bishop: An analysis of the OpenSSH fingerprint visualization algorithm".

The approach is based on Hash Visualization: a new technique to improve real-world security.

If you are looking for a simpler explanation then this blog could be helpful.

Hjulle
Jor-el
  • -1 this doesn't really answer the actual question. – Adi Nov 05 '13 at 16:11
  • @Adnan is that second link, [Hash Visualization](https://sparrow.ece.cmu.edu/group/pub/old-pubs/validation.pdf), a published paper from Carnegie Mellon University, not sufficient for your requirement for a published result? – Rubber Duck Nov 05 '13 at 16:18
  • 3
    @RubberDuck The whole answer is repeating what the OP said + some links. We, at Security.StackExchange, tend to frown upon link-only answers. A summarization of the contents and some quotes would have made this an acceptable answer. Otherwise, links should be left as comments. – Adi Nov 05 '13 at 16:21
  • Thanks, the first link at least explains the algorithm and asks some more specific questions which then maybe can be answered. – quazgar Nov 05 '13 at 16:35
  • Despite the backlash you received, I appreciate the answer a lot more than the zero other answers that were posted in the 7.5 years since the question was asked. Updated link btw: http://users.ece.cmu.edu/~dawnsong/papers/randomart.pdf – Gerry Mar 16 '21 at 20:11
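
The "drunken bishop" walk named in the answer, as an added example that is not part of the original posts and is not OpenSSH's own code: a Python re-implementation for 16-byte fingerprints, with illustrative function names. It rebuilds the grid shown in the question from the fingerprint `16:27:ac:...:48`, and `differing_cells` gives a simple cell-by-cell measure of how far two pictures are apart, which is the "image space" distance the question asks about.

```python
# Added example: re-implementation of the "drunken bishop" walk for a
# 16-byte (MD5-style) fingerprint. Function names are illustrative.
WIDTH, HEIGHT = 17, 9
SYMBOLS = " .o+=*BOX@%&#/^"   # glyph by visit count, capped at the last one

def randomart_rows(fingerprint):
    """Return the 9 framed body rows for a colon-separated hex fingerprint."""
    data = bytes.fromhex(fingerprint.replace(":", ""))
    counts = [[0] * WIDTH for _ in range(HEIGHT)]
    x, y = WIDTH // 2, HEIGHT // 2              # bishop starts in the centre
    for byte in data:
        for _ in range(4):                      # four 2-bit moves, LSB first
            x += 1 if byte & 1 else -1          # bit 0: right / left
            y += 1 if byte & 2 else -1          # bit 1: down / up
            x = min(max(x, 0), WIDTH - 1)       # the walls stop the bishop
            y = min(max(y, 0), HEIGHT - 1)
            counts[y][x] = min(counts[y][x] + 1, len(SYMBOLS) - 1)
            byte >>= 2
    rows = [[SYMBOLS[c] for c in row] for row in counts]
    rows[HEIGHT // 2][WIDTH // 2] = "S"         # start marker
    rows[y][x] = "E"                            # end marker, set last
    return ["|" + "".join(r) + "|" for r in rows]

def differing_cells(a, b):
    """Count grid cells whose glyph differs between two renderings."""
    return sum(ca != cb for ra, rb in zip(a, b) for ca, cb in zip(ra, rb))

# Fingerprint and picture body copied from the question above.
PAGE_FP = "16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48"
PAGE_ART = [
    "|        .        |",
    "|       + .       |",
    "|      . B .      |",
    "|     o * +       |",
    "|    X * S        |",
    "|   + O o . .     |",
    "|    .   E . o    |",
    "|       . . o     |",
    "|        . .      |",
]

if __name__ == "__main__":
    print("\n".join(randomart_rows(PAGE_FP)))
```

Because each glyph only records how often a cell was visited, a verifier comparing two pictures should treat any nonzero `differing_cells` result as a mismatch, including `o` versus `.`.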