tomrittervg
commented
10 years ago Awesome, I've opened issues for this. Obviously we want to do this as soon as feasible, but can you remind me what our hard deadline is?
Open corbett opened 10 years ago
tomrittervg
commented
10 years ago Awesome, I've opened issues for this. Obviously we want to do this as soon as feasible, but can you remind me what our hard deadline is?
corbett
commented
10 years ago July 15
Sent from my iPad
On May 25, 2014, at 2:02 AM, Tom Ritter notifications@github.com wrote:
Awesome, I've opened issues for this. Obviously we want to do this as soon as feasible, but can you remind me what our hard deadline is?
\ Reply to this email directly or view it on GitHub.
tomrittervg
commented
10 years ago Okay, and is that for the data, or for everything to be completed by? On May 25, 2014 2:54 AM, "Christine Corbett Moran" notifications@github.com wrote:
July 15
Sent from my iPad
On May 25, 2014, at 2:02 AM, Tom Ritter notifications@github.com wrote:
Awesome, I've opened issues for this. Obviously we want to do this as soon as feasible, but can you remind me what our hard deadline is?
\ Reply to this email directly or view it on GitHub.
Reply to this email directly or view it on GitHubhttps://github.com/tomrittervg/crypto-usability-study/issues/3#issuecomment-44118314 .
corbett
commented
10 years ago Data On May 25, 2014 2:52 PM, "Tom Ritter" notifications@github.com wrote:
Okay, and is that for the data, or for everything to be completed by? On May 25, 2014 2:54 AM, "Christine Corbett Moran" < notifications@github.com> wrote:
July 15
Sent from my iPad
On May 25, 2014, at 2:02 AM, Tom Ritter notifications@github.com wrote:
Awesome, I've opened issues for this. Obviously we want to do this as soon as feasible, but can you remind me what our hard deadline is?
\ Reply to this email directly or view it on GitHub.
Reply to this email directly or view it on GitHub< https://github.com/tomrittervg/crypto-usability-study/issues/3#issuecomment-44118314
.
— Reply to this email directly or view it on GitHubhttps://github.com/tomrittervg/crypto-usability-study/issues/3#issuecomment-44132489 .
tomrittervg
commented
10 years ago I believe that the current output of the scripts, while not complete in the sense of doing everything we set out to do, are sufficient enough to conduct the study. What do you think?
corbett
commented
10 years ago I will try at some point soon; I can't work on this until after my thesis is submitted in any case (mid August)
On Wed, Jul 16, 2014 at 9:26 PM, Tom Ritter notifications@github.com wrote:
I believe that the current output of the scripts, while not complete in the sense of doing everything we set out to do, are sufficient enough to conduct the study. What do you think?
— Reply to this email directly or view it on GitHub https://github.com/tomrittervg/crypto-usability-study/issues/3#issuecomment-49214400 .
Christine Corbett Moran christine.corbett@gmail.com Physics @ ICS.uzh.ch // Zurich: +41 79 962 4499 Dev @ http://circleof6app.com // Boston: +1 (617) 398-0452 Dev @ https://whispersystems.org // SF: +1 (415) 670 9629 www.christinecorbettmoran.com
corbett
commented
10 years ago OK, so I can't run this study until mid August as mentioned, but I actually updated the test generation to generate enough data for 15 people. Let me know if the 50/50 probability is what we want, we can mod the script accordingly. I kind of think in reality errors are so rare, that the probability of a fingerprint mismatch should be tuned to be very low (however we want probably at least one per pair, and maximum 100 comparisons probably due to fatigue, so we can't go to a sub 1% occurrence IMHO.)
check out https://github.com/tomrittervg/crypto-usability-study/pull/10
also I did not find a way of generating the 5th type "Visual Fingerprints (Using OpenSSH's visual host keys)" automatically yet in the repo.
On Thu, Jul 17, 2014 at 1:35 PM, Christine Corbett Moran < christine.corbett@gmail.com> wrote:
I will try at some point soon; I can't work on this until after my thesis is submitted in any case (mid August)
On Wed, Jul 16, 2014 at 9:26 PM, Tom Ritter notifications@github.com wrote:
I believe that the current output of the scripts, while not complete in the sense of doing everything we set out to do, are sufficient enough to conduct the study. What do you think?
— Reply to this email directly or view it on GitHub https://github.com/tomrittervg/crypto-usability-study/issues/3#issuecomment-49214400 .
Christine Corbett Moran christine.corbett@gmail.com Physics @ ICS.uzh.ch // Zurich: +41 79 962 4499 Dev @ http://circleof6app.com // Boston: +1 (617) 398-0452 Dev @ https://whispersystems.org // SF: +1 (415) 670 9629 www.christinecorbettmoran.com
Christine Corbett Moran christine.corbett@gmail.com Physics @ ICS.uzh.ch // Zurich: +41 79 962 4499 Dev @ http://circleof6app.com // Boston: +1 (617) 398-0452 Dev @ https://whispersystems.org // SF: +1 (415) 670 9629 www.christinecorbettmoran.com
trevp
commented
10 years ago Looking good, couple comments:
For hex:
https://moderncrypto.org/mail-archive/messaging/2014/000004.html
For the english poems:
tomrittervg
commented
10 years ago Merged. Basically I ran out of time, couldn't get Visual Fingerprints going quickly, and dedicated that time to working on the others.
As far as spacing, yes I will do that.
Tracking structure instead of estimating: Yes. I was avoiding editing the perl script, but I can actually reverse the number of structural bits in python anyway, so I will do that.
Number of bits to mutate: I thought hard about this, and it confused me, so I might have gotten it wrong. But we want to simulate a 2^80ish attacker. That means they can't control 48 bits. They 'spend' 20 of their bits on the structure, so now they can't control 68 bits.
trevp
commented
10 years ago I think you're double-counting those 20 bits. If they can't control 48 bits, you just need to mutate 48 bits, since the 2^80 work gets spent on structure and whatever you don't mutate, you don't to account for structure again. I think.
tomrittervg
commented
10 years ago I thought you were wrong, tried to write it out to explain it, now I think you're right. Let's say I go along, mutating 48 bits of words, then stop. There's 2^80 bits in the phrase left that are un-mutated. That includes about 20 bits of structure and the rest are in the word selection. Okay, I'll change that too.
trevp
commented
10 years ago Sounds right, except the sentence-generator usually consumes more than 128 bits to wrap up the last sentence, so maybe you should output the actual number of bits consumed and subtract 80 from that?
Also, is the perl an exact match for Michael Rogers' code? It might be good to just use his thing as the canonical reference.
Trevor
The basic study design is ready to go. We can do the study for free at the University of Zurich (some budget for chocolate..., but I'll fund that) with 30 pilot volunteers. Then we can decide if we want to e.g. do a mechanical turk study to compliment.
The next steps would be to go ahead and generate the data that we will use in the study.