A Proposal for a Visual Hash

Accepted submission by cafebabe at 2016-01-02 12:55:30
Security

I had fun over Christmas writing error correction and barcode software. Some may say that I should get outside more often but perhaps it is a public service that I don't. I'm reliably informed, from a friend who works in retail, that an implementation of the EAN-13 encoding algorithm [wikipedia.org], running on a web server, accessed via a smartphone, allows havoc to be created at a self-service checkout.

Wanting a more substantial challenge along this line, and being inspired by a recent discussion about security, in which UID2339 noted [soylentnews.org]:

As for hashes - I usually do check them for the software I download. I verify the first four or five digits, maybe the last four or five, with a quick glance.

Well, it occurs to me that even people who should know better (me included) rarely check more than 20 bits of a hash or fingerprint before relying upon the result indefinitely. Unfortunately, it is feasible to spoof 20 bits (or significantly more if MD5 is used [soylentnews.org]). However, this does not get around the fastidiousness required to make such checks.

For the public good, I propose a visual hash in which 30 or more bits can be compared in a single glance. This is not perfect. This does not cover all cases. However, if it is possible to increase the number of bits which can be casually compared by end users then it reduces susceptibility to attack. Something along the lines of a default Gravatar icon (grid of squares and triangles) mushed up with a CAPTCHA would be a good start. This would allow 40 or more bits to be compared in a manner in which discrepancies would be very obvious.

It would be desirable if such an image could be printed in monochrome but this is a secondary consideration. I don't claim any originality with this idea. Indeed, even from a selfish point of view, it would be counter-productive to make any intellectual claim. My only hope is that an encoding exists, can be trivially adapted or emerges from this suggestion.
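One possible encoding of the kind proposed above, added here as an illustration and not code from the submission: it renders the leading 40 bits of a hex fingerprint as a monochrome 4x5 grid of squares and triangles, two bits per cell, and lists the cells where two fingerprints disagree. The glyph set, grid layout, function names and both sample fingerprints are assumptions constructed for this example; the two samples agree in their first five and last five hex digits, so the quick-glance check quoted earlier would pass them as equal.

```python
"""Render the leading bits of a hex fingerprint as a monochrome glyph grid."""

# Two bits per cell, drawn with squares and triangles in a single colour.
# The glyph choice and the 5-column layout are assumptions of this example.
GLYPHS = "□■◣◥"
COLS = 5

# Constructed sample fingerprints (not real digests): same first five and
# last five hex digits, different in between.
PUBLISHED = "3fa9c17d2e5b8864a0c1f2e3d4b5a6978877e4d2"
SPOOFED = "3fa9c84b075b8864a0c1f2e3d4b5a6978877e4d2"


def visual_hash(hex_digest, bits=40):
    """Return the grid rows that encode the first `bits` bits of the digest."""
    digest = "".join(hex_digest.split()).lower()
    if bits <= 0 or bits % 2:
        raise ValueError("bits must be a positive even number")
    if len(digest) * 4 < bits:
        raise ValueError("digest is shorter than the requested bit count")
    nibbles = -(-bits // 4)  # hex digits needed, rounded up
    # int() raises ValueError if the input is not hexadecimal.
    value = int(digest[:nibbles], 16) >> (nibbles * 4 - bits)
    cells = [GLYPHS[(value >> shift) & 0b11]
             for shift in range(bits - 2, -1, -2)]
    return ["".join(cells[i:i + COLS]) for i in range(0, len(cells), COLS)]


def mismatched_cells(a, b, bits=40):
    """Return (row, column) for every cell where the two grids differ."""
    grid_a, grid_b = visual_hash(a, bits), visual_hash(b, bits)
    return [(r, c)
            for r, (row_a, row_b) in enumerate(zip(grid_a, grid_b))
            for c, (x, y) in enumerate(zip(row_a, row_b)) if x != y]


if __name__ == "__main__":
    # Print the two grids side by side, then the differing cells.
    for left, right in zip(visual_hash(PUBLISHED), visual_hash(SPOOFED)):
        print(left, "  ", right)
    print("differing cells:", mismatched_cells(PUBLISHED, SPOOFED))
```

Only the rendered bits are compared, so the grid narrows the gap left by a partial check without replacing a full comparison of the digest.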