Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-13 Thread grarpamp
people wrote: > And just where exactly and in what protocols and apps are > going to build in that feedback popup... browsers? ssh? MUA? ping? skype? > Vanity addresses encourage people to only verify the human-readable part > That said, if an address is completely incapable, even hostile to vali

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-11 Thread Philipp Winter
On Mon, Aug 10, 2015 at 09:36:22PM +, Alec Muffett wrote: > On Aug 10, 2015, at 2:00 PM, Philipp Winter wrote: > > Vanity addresses encourage people to only verify the human-readable part > > of an address before clicking on it. That creates a false sense of > > security, which is already exp

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-10 Thread Alec Muffett
> On Aug 10, 2015, at 2:00 PM, Philipp Winter wrote: > > Vanity addresses encourage people to only verify the human-readable part > of an address before clicking on it. That creates a false sense of > security, which is already exploited by spoofed onion service addresses > whose prefix and suf

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-10 Thread Philipp Winter
On Mon, Aug 10, 2015 at 08:47:05AM +0100, bernard wrote: > > On 9 Aug 2015, at 23:43, Philipp Winter wrote: > > > > Vanity onion addresses, for example, might have done more harm than good > > Why do you say that? What harm would human readable .onion addresses > do? And to who? Vanity addresse

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-10 Thread bernard
> On 9 Aug 2015, at 23:43, Philipp Winter wrote: > > Vanity onion addresses, for example, might have done more harm than good Why do you say that? What harm would human readable .onion addresses do? And to who? > As a result, maybe we should make it intentionally > *harder* to manage raw oni

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-09 Thread Alec Muffett
>> > I wonder if a better way forward is to focus on tools (e.g., a petname > system in Tor Browser) to automate dealing with onion addresses rather > than making them easier to deal with for humans. I worked on implementing the X.500 Directory Project which had similar goals for e-mail addresse

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-09 Thread Philipp Winter
On Sat, Aug 08, 2015 at 11:36:35AM +, Alec Muffett wrote: > 1) it’s all very well to go and mine something like “facebookcorewwwi” > as an onion address, but 16 characters probably already exceeds human > ability for easy string comparison. I wonder if a better way forward is to focus on tools

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-09 Thread Nick Mathewson
On Sat, Aug 8, 2015 at 9:05 AM, Roger Dingledine wrote: > On Sat, Aug 08, 2015 at 11:36:35AM +, Alec Muffett wrote: >> 5) taking a cue from World War Two cryptography, breaking this into banks of >> five characters which provide the eyeball a point upon which to rest, might >> help: >> >>

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-09 Thread Ben Laurie
On Sun, 9 Aug 2015 at 13:29 Alec Muffett wrote: > > On Aug 9, 2015, at 12:36 PM, Ben Laurie wrote: > > Can I make my usual radical suggestion? By all means discuss, but once > you've finished deciding what you think is best for humans, please actually > test your theory. On humans (and that mean

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-09 Thread Alec Muffett
> On Aug 9, 2015, at 12:36 PM, Ben Laurie wrote: > > Can I make my usual radical suggestion? By all means discuss, but once you've > finished deciding what you think is best for humans, please actually test > your theory. On humans (and that means, not CS students and not Mechanical > Turk).

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-09 Thread Ben Laurie
On Sat, 8 Aug 2015 at 13:12 Alec Muffett wrote: > Hence this email, in the hope of kicking off a discussion between people > who care about human factors. :-) > Can I make my usual radical suggestion? By all means discuss, but once you've finished deciding what you think is best for humans, ple

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-09 Thread Jeff Burdges
On Sun, 2015-08-09 at 07:26 +, Jeremy Rand wrote: > > Isn't the 51% attack down to a 20ish% attack now? > > The estimate I did was based on Namecoin hashrate, not Bitcoin > hashrate. I assume that's the distinction you're referring to, though > you're not really making it clear. No. I haven

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-09 Thread Jeremy Rand
On 08/09/2015 06:54 AM, Jeff Burdges wrote: > >> I did a rough calculation about a year ago of how much it would >> cost to buy ASIC miners that could 51%-attack Namecoin, and it >> came out to just under a billion USD. > > Isn't the 51% attack dow

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread Jeff Burdges
> I did a > rough calculation about a year ago of how much it would cost to buy > ASIC miners that could 51%-attack Namecoin, and it came out to just > under a billion USD. Isn't the 51% attack down to a 20ish% attack now? > Of course, a real-world attacker would (in my > estimate) probably

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread Jeremy Rand
On 08/08/2015 11:39 PM, Jeff Burdges wrote: > On Sat, 2015-08-08 at 08:44 -0400, Paul Syverson wrote: >> One is to produce human meaningful names in association with >> onion addresses. Coincidentally Jesse has just announced to this >> same list a

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread Jeff Burdges
> On Sat, Aug 08, 2015 at 11:36:35AM +, Alec Muffett wrote: > > 4) from Proposal 244, the next generation addresses will probably be > > about this long: > > > > a1uik0w1gmfq3i5ievxdm9ceu27e88g6o7pe0rffdw9jmntwkdsd.onion > > > > 5) taking a cue from World War Two cryptography, bre

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread grarpamp
On Sat, Aug 8, 2015 at 7:36 AM, Alec Muffett wrote: > 9) appending a credit-card-like “you typed this properly” extra few > characters checksum over the length might be helpful (10..15 bits?) - > ideally this might help round-up the count of characters to a full field, > a1uik-0w1gm-fq3i5-ievxd-m

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread bernard
Hi, Right now, .onion URLs are not human readable. Neither are they easy for humans to recognise OR recall. The way information is presented to humans can greatly influence how we recognise, recall it and process it. The ideal situation is for the user to recognise a piece of information. It

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread David Goulet
On 08 Aug (11:36:35), Alec Muffett wrote: > Hi All, > > Having Beer with Donncha, Yan and others in Berlin a few days ago, discussion > moved to Onion-Address Human Factors. Beers, very nice! :) [snip] > > 5) taking a cue from World War Two cryptography, breaking this into banks of > five ch

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread Alec Muffett
> On Aug 8, 2015, at 1:44 PM, Paul Syverson wrote: Hi Paul! I think it would be valid to propose a third direction, which is to partially give-up arguing about the importance of Zooko’s Triangle and instead make attempts to meet human beings and computers somewhere in the middle. I don’t bel

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread Alec Muffett
— Alec Muffett Security Infrastructure Facebook Engineering London > On Aug 8, 2015, at 2:05 PM, Roger Dingledine wrote: > > https://urldefense.proofpoint.com/v1/url?u=https://trac.torproject.org/projects/tor/ticket/15622&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=PKCvk5ihsZdnlobuFIuhTw%3D%3D%0A&m=t0V

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread Alec Muffett
Gah, I am evidently having a bad day with e-mail, so I am going to send a typo correction with this and then go do something else instead. Corrections in caps, below. — Alec Muffett Security Infrastructure Facebook Engineering London > On Aug 8, 2015, at 2:14 PM, Alec Muffett wrote: > > Pleas

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread Roger Dingledine
On Sat, Aug 08, 2015 at 11:36:35AM +, Alec Muffett wrote: > 5) taking a cue from World War Two cryptography, breaking this into banks of > five characters which provide the eyeball a point upon which to rest, might > help: > > a1uik-0w1gm-fq3i5-ievxd-m9ceu-27e88-g6o7p-e0rff-dw9jm-ntw

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread Paul Syverson
Hi Alec, On Sat, Aug 08, 2015 at 11:36:35AM +, Alec Muffett wrote: > Hi All, > > Having Beer with Donncha, Yan and others in Berlin a few days ago, > discussion moved to Onion-Address Human Factors. > > Summary points: > > 1) it’s all very well to go and mine something like > “facebookcoreww

[tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread Alec Muffett
Hi All, Having Beer with Donncha, Yan and others in Berlin a few days ago, discussion moved to Onion-Address Human Factors. Summary points: 1) it’s all very well to go and mine something like “facebookcorewwwi” as an onion address, but 16 characters probably already exceeds human ability for e

Re: [tor-dev] Future Onion Addresses and Human Factors

2015-08-08 Thread Alec Muffett
> > On Aug 8, 2015, at 12:36 PM, Alec Muffett wrote: > > 9) appending a credit-card-like “you typed this properly” extra few > characters checksum over the length might be helpful (10..15 bits?) - ideally > this might help round-up the count of characters to a full field, eg: XXX in > this? >