ha, love this. Riot.im's new device verification flow involves keys represented by series of emoji (it used to be 45 characters)
Riot.im has also just reached version 1.0
More here: https://medium.com/@RiotChat/the-big-1-0-68fa7c6050be
@schlink Oh, for christ's sake, I have a hard enough time keeping my friggin' passwords straight.
@schlink I've been using Riot a bit lately and liking it. Did 1.0 fix the fact that e2e encryption breaks their search function?
It basically forces me to keep my chats unencrypted which I don't like
@schlink Did they ever fix that IP leak?
@schlink more like Slack v3 built with Matrix
@Tathar more broadly, I think as tech/"AI" improves, it will become increasingly important to present some key information in ways that are easy for humans to manipulate/remember
I'd rather be an AI person though. I could have an app like LastPass in my mind for that, and have excessively long passwords that only it can remember.
long (~1000 char) Show more
I think that a mind-uploaded AI would be sufficiently like a human mind (and perhaps even shaped and structured like one) to be able to accomplish those same tasks well, but also be able to integrate more traditional computer programs for specialized tasks. That's what I was getting at with the AI mention.
It looks like that emoji-based diceware implementation is particularly good for right-now attacks, and could grow in effectiveness if it adapts to the growth of emojis as a character set. Right now, the example will take a long time to crack offline even if you know it's an emoji password of 7 length: emoji search space depth 2823 ^ number of emoji 7 comes out to 1.4e+24, which is *plenty* good today, assuming no password reuse. The expansion of emojis as a character set can also offset the gradual increase in computing power over time, so that would reduce the amount of security concerns to worry about even down the road. You'd still have to worry about the implementation of the authentication and good-old password reuse though.