[kwlug-disc] Using mnemonicode for GPG fingerprints

Bob Jonkman bjonkman at sobac.com
Fri Jul 6 18:15:13 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hmm.  I grabbed source from the tree and compiled it last night.  I'm
using a 64-bit version of Ubuntu; could it be a word-size problem?

I see that the translation of the first 8 octets (six mnemonicode
words) are the same.  That's suspiciously close to 64 bits.

I was just reading about the PGP Word List[1] and it seems more robust
against transposition errors between words, since it uses two lists,
alternating between two-syllable and three-syllable words.  I only
realized a couple of weeks ago that mmemonicode and the PGP Word List
aren't the same, nor compatible with each other.

- --Bob.

[1] https://en.wikipedia.org/wiki/PGP_word_list



On 12-07-06 05:42 PM, Chris Frey wrote:
> On Fri, Jul 06, 2012 at 02:29:10PM -0400, Bob Jonkman wrote:
>> $ echo 04F7 742B 8F54 C40A E115  26C2 B912 89B0 D2CC
>> E5EA|mnencode -x
>> 
>> Wordlist ver 0.7 genius version final. alex pablo berlin. cactus
>> visible pulse dance insect ninja. valery jasmine double
> 
> My test, using the latest git tree from here:
> 
> https://github.com/singpolyma/mnemonicode.git
> 
> Using commit 7a1892563a
> 
> Gives:
> 
> $ echo 04F7 742B 8F54 C40A E115  26C2 B912 89B0 D2CC E5EA |
> ./mnencode -x Wordlist ver 0.7 genius version final. alex pablo
> berlin. isabel aladdin trivial tunnel lecture heaven. section
> number plume
> 
> Which is not the same as yours above.
> 
> Decoding my results returns the correct fingerprint.
> 
> So it seems there's a problem with your particular encoder.
> 
> I'm not sure that mnemonic encoder is an improvement for
> over-the-phone verification, though.  Using something like the
> phonetic alphabet is probably just as accurate, and doesn't require
> the receiver to know how to spell all the words you give him. :-)
> 
> Fortunately, for hex, all we have to memorize are: Alpha, Bravo,
> Charlie, Delta, Echo, Foxtrot.
> 
> - Chris
> 
> 
> _______________________________________________ kwlug-disc mailing
> list kwlug-disc at kwlug.org 
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEARECAAYFAk/3Y2oACgkQuRKJsNLM5erZZgCg04JDNAWkGyXjV/yWw5ZDH2Y8
KCIAoJlTE3wVtykpBZ4nw8UUZrd+gLdm
=es9K
-----END PGP SIGNATURE-----



More information about the kwlug-disc mailing list