The fact that this works means that comparing keys visually by their artwork is insecure, since it allows you to generate a key pair which looks very similar to a target public key. I guess visual fingerprints might not have enough entropy.
It's probably still more secure than trying to compare the regular old string representations (who checks more than the last 5 characters from the end?).
And plus, you still have to brute force it to get one that looks close.
"kill the artist when patience is depleted"
Drastic!
> Once visualization is introduced, so is aesthetics. This feature presents a great opportunity to fight against truly random key generation in order to trade security for arbitrary human desires.
If this person made this tool specifically for the satire opportunity, that's hilarious.
I guess if you use this, then the security of your key is only as strong as how many minutes the brute force took (since anyone else could also run the tool and generate their own key matching the desired fingerprint in the same amount of minutes you needed - or less).
I don't think the idea is to use the visual representation of the SSH key as a security mechanism but rather to have an SSH key that looks cool when you visualize it.
So the exact same as any other crypto key?
This is cool as a project, but relying on humans to do pixel-perfect matching for security is probably a bad idea (well, glyph-perfect).
On the other hand - when ssh warns you the host key has changed but the art looks unchanged to your eye, you know something serious has happened.
I wish Bitcoin produced at least something like that.