Cryptography Reference
In-Depth Information
perceptual system.
46
Though perception may appear to introduce a hope-
lessly subjective dimension into the mathematical proof process, several
proposals have sought to enroll it as an element of cryptographic design,
including hash visualization functions and visual cryptography.
Hash Visualization Functions
The distribution of public keys through certificates does not in itself solve
the key distribution problem, but merely displaces it (see “Security Ser-
vices” in chapter 4). In order to verify digital signatures, users still need to
acquire the authentic public key of the certification authority. However,
securely obtaining the key through an electronic network would require
users to have a public key in the first place. For this reason, web browsers
are provided with preinstalled “root” public-key certificates, which users
must simply trust to have remained authentic and uncorrupted.
Because such blind trust puts the entire signature verification process
on a shaky foundation, Anderson and colleagues have advocated the dis-
tribution of confirmatory information through offline means. For example,
a telephone book-like register might contain a “fingerprint” (the hash) of
the certification authority's public key. Users can then compare the finger-
prints of public keys embedded in their web browsers with those in the
register and thus “ground the trust required for electronic commerce and
other online applications in the trust that has been built up over the years
in the world of print publishing.”
47
For example, an entry in Anderson's
1988
Global Trust Register
reads as follows:
Verisign Inc.
1390. Shorebird Way, Mountain View, CA 94043, USA
Tel: +1 650 961 7500
Fax: +1 650 961 7300
practices@verisign.com
http://www.verisign.com
VeriSign Class 1 Primary CA
00 EC 35 D1 : 64 A0 B9 24 :: 16 79 C0 64 : C1 06 48 84
Perrig and Song have pointed out that even this process can be cumber-
some and prone to error, as users need to laboriously compare the sixteen
hexadecimal digits of the fingerprints. They propose that
hash visualization
