我需要为用户可以记住或至少容易识别的 RSA 密钥创建指纹。想到了以下想法:
还有其他想法吗?我确信这已经以一种或另一种形式实施。
OpenSSH包含类似的东西,名称为“可视主机密钥”。尝试这个:
ssh -o VisualHostKey=yes somesshhost
somesshhost运行 SSH 服务器的机器在哪里。它将打印出服务器密钥的“指纹”,既可以是十六进制,也可以是 ASCII 艺术图像,如下所示:
+--[ RSA 2048]----+
| .+ |
| + o |
| o o + |
| + o + |
| . o E S |
| + * . |
| X o . |
| . * o |
| .o . |
+-----------------+
或者像这样:
+--[ RSA 1024]----+
| .*BB+ |
| . .++o |
| = oo. |
| . =o+.. |
| So+.. |
| ..E. |
| |
| |
| |
+-----------------+
显然,这是受到本文中描述的技术的启发。OpenSSH 是开源的,具有类似 BSD 的许可证,因此您很可能可以简单地重用他们的代码(它似乎在key.c文件中,函数key_fingerprint_randomart())。
For item 3 (entries in a word list), see RFC-1751 - A Convention for Human-Readable 128-bit Keys, which notes that
The authors of S/Key devised a system to make the 64-bit one-time password easy for people to enter.
Their idea was to transform the password into a string of small English words. English words are significantly easier for people to both remember and type. The authors of S/Key started with a dictionary of 2048 English words, ranging in length from one to four characters. The space covered by a 64-bit key (2^64) could be covered by six words from this dictionary (2^66) with room remaining for parity. For example, an S/Key one-time password of hex value:
EB33 F77E E73D 4053would become the following six English words:
TIDE ITCH SLOW REIN RULE MOT
You could also use a compound fingerprint to improve memorability, like english words followed (or preceeded) by one or more key-dependent images.
For generating the image, you could use things like Identicon, Wavatar, MonsterID, or RoboHash.
Example:
TIDE ITCH SLOW
REIN RULE MOT
我发现了一种叫做随机艺术的东西,它可以从哈希中生成图像。有一个 Python 实现可供下载:http ://www.random-art.org/about/
还有一篇关于使用随机艺术进行身份验证的论文:http: //sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
从 1999 年开始;我不知道是否对此进行了进一步的研究。
