hashify: Uma Ferramenta para Visualização de Hashes com Animações
Abstract
Comparing hashes is an essential operation in digital security, but tedious and error-prone when the hashes are in the form of hexadecimal strings. This paper introduces a new hash visualization software with animations. The software, called hashify, uses 4 characters and 4 SVG icons to generate 2-second animations that transmit around 48 bits of a sequence derived from the original hash. It was implemented as a JavaScript library and embedded in a Firefox extension prototype, which uses the library to display a stamp of the HTTPS certificate used on a web page. The probability of collision and the results of a user survey attest to the effectiveness of hashify.
References
Akhawe, D. and Felt, A. P. (2013). Alice in Warningland: A Large-Scale Field Study of Browser SecurityWarning Effectiveness. In USENIX Security 13, pages 257–272.
Davis, C. (2011). RoboHash. https://robohash.org/.
Felt, A. P., Ainslie, A., Reeder, R.W., Consolvo, S., Thyagaraja, S., Bettes, A., Harris, H., and Grimes, J. (2015). Improving SSL Warnings: Comprehension and Adherence. In ACM CHI’15, pages 2893–2902.
Lin, Y.-H., Studer, A., Chen, Y.-H., Hsiao, H.-C., Kuo, L.-H., McCune, J. M., Wang, K.-H., Krohn, M., Perrig, A., Yang, B.-Y., et al. (2010). SPATE: Small-Group PKI-less Authenticated Trust Establishment. IEEE Transactions on Mobile Computing, 9(12):1666–1681.
Maina Olembo, M., Kilian, T., Stockhardt, S., Hülsing, A., and Volkamer, M. (2014). Developing and Testing SCoP–a Visual Hash Scheme. Information Management & Computer Security, 22(4):382–392.
Perrig, A. and Song, D. (1999). Hash Visualization: a New Technique to Improve Real-World Security. In CryTEC ’99.
Preshing, J. (2011). Hash collision probabilities. https://preshing.com/20110504/hash-collision-probabilities/.
Tan, J., Bauer, L., Bonneau, J., Cranor, L. F., Thomas, J., and Ur, B. (2017). Can Unicorns Help Users Compare Crypto Key Fingerprints? In ACM CHI’17, pages 3787–3798.
Davis, C. (2011). RoboHash. https://robohash.org/.
Felt, A. P., Ainslie, A., Reeder, R.W., Consolvo, S., Thyagaraja, S., Bettes, A., Harris, H., and Grimes, J. (2015). Improving SSL Warnings: Comprehension and Adherence. In ACM CHI’15, pages 2893–2902.
Lin, Y.-H., Studer, A., Chen, Y.-H., Hsiao, H.-C., Kuo, L.-H., McCune, J. M., Wang, K.-H., Krohn, M., Perrig, A., Yang, B.-Y., et al. (2010). SPATE: Small-Group PKI-less Authenticated Trust Establishment. IEEE Transactions on Mobile Computing, 9(12):1666–1681.
Maina Olembo, M., Kilian, T., Stockhardt, S., Hülsing, A., and Volkamer, M. (2014). Developing and Testing SCoP–a Visual Hash Scheme. Information Management & Computer Security, 22(4):382–392.
Perrig, A. and Song, D. (1999). Hash Visualization: a New Technique to Improve Real-World Security. In CryTEC ’99.
Preshing, J. (2011). Hash collision probabilities. https://preshing.com/20110504/hash-collision-probabilities/.
Tan, J., Bauer, L., Bonneau, J., Cranor, L. F., Thomas, J., and Ur, B. (2017). Can Unicorns Help Users Compare Crypto Key Fingerprints? In ACM CHI’17, pages 3787–3798.
Published
2020-10-13
How to Cite
RIBEIRO, Jorge Miguel; BATISTA, Daniel Macêdo; PINA, José Coelho de.
hashify: Uma Ferramenta para Visualização de Hashes com Animações. In: TOOLS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 20. , 2020, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2020
.
p. 109-116.
DOI: https://doi.org/10.5753/sbseg_estendido.2020.19277.
