Intention
When encrypting messages, recipients need to validate that a sender is, in fact, the person they say they are. To do this, the sender gives the recipient a long number generated computationally, called a key fingerprint. Then, the recipient gets a message with a fingerprint and manually compares the message and sender fingerprints, a tedious and difficult task. In one experiment testing the difficulty of key comparisons, between 1/5 and 1/3 of users failed to find differences [1].
If the keys do not match, there are three main scenarios that might be occurring:
- The message was garbled due to bad transmission (unlikely)
- The message accidentally got sent to/from the wrong person
- The message was sent from an impersonator (a Man in the Middle Attack)
In the 3rd case, impersonators often attempt to change the fingerprint only slightly (e.g., changing only one digit) so that the difference is even more difficult to find. As vulnerable populations such as activists and journalists often rely on this type of encryption, the impact of accidentally trusting an impersonator could be serious or even deadly.
As a result, there have been many attempts to improve the usability of fingerprints. Because the fingerprints are simple, static numbers, they can be mapped to other "spaces" to make fingerprint comparisons easier. For example, there are programs that map fingerprints to sentences, ASCII art, flags, random abstract graphics, and even unicorn avatars. The images below show examples of a unicorn fingerprint and the slowed-down process of mapping an ASCII art fingerprint.
In this project, I will build a similar mapping from fingerprint hashes to cross-stitch patterns. Why?
- Cross-stitchers are already skilled at comparing patterns. Cross-stitchers are used to careful comparisons between a pattern and work in progress, so it's possible that they'll perform well when comparing fingerprints in a medium they're already skilled with. Moreover, the use of cross-stitch frames comparison as a careful process rather than a one-off action.
- Different people benefit from different representations. For example, for language-based fingerprints, familiarity with the language can improve or decrease comparison accuracy. Different users prefer and perform best on a variety of fingerprint representations. [2]
- Both cybersecurity and craft are gendered. In society's eyes, hacking, technology, and security are masculine. Cross-stitch is feminine. Women report much lower levels of self-efficacy for computer technology [3], which translates to women using cybersecurity tools less, and adjusting their web behavior to avoid risk. Re-framing security may help bridge that gap.