25th USENIX Security Symposium has ended
Back To Schedule
Wednesday, August 10 • 3:00pm - 3:30pm
An Empirical Study of Textual Key-Fingerprint Representations

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Many security protocols still rely on manual fingerprint comparisons for authentication. The most well-known and widely used key-fingerprint representation are hexadecimal strings as used in various security tools. With the introduction of end-to-end security in WhatsApp and other messengers, the discussion on how to best represent key-fingerprints for users is receiving a lot of interest.

We conduct a 1047 participant study evaluating six different textual key-fingerprint representations with regards to their performance and usability. We focus on textual fingerprints as the most robust and deployable representation.

Our findings show that the currently used hexadecimal representation is more prone to partial preimage attacks in comparison to others. Based on our findings, we make the recommendation that two alternative representations should be adopted. The highest attack detection rate and best usability perception is achieved with a sentence-based encoding. If language-based representations are not acceptable, a simple numeric approach still outperforms the hexadecimal representation.


Yasemin Acar

Leibniz University Hannover

Sascha Fahl

Leibniz University Hannover
avatar for Matthew Smith

Matthew Smith

Professor, Rheinische Friedrich-Wilhelms-Universität Bonn & Fraunhofer FKIE

Wednesday August 10, 2016 3:00pm - 3:30pm PDT
Zilker Ballroom 3

Attendees (5)