1. 16
  2. 5

    RFC2289 specifies a similar format that can be used on hex fingerprints, which lends itself much more easily to fingerprints that you see on a screen and type back into another place (see Appendix D for the full list of words).

    The words are shorter and a nice mix of verbs and adjectives often results in accidental poetry of the best kind, e.g.:

    SALE ANTI CUBA HERO LIN DOME

    There’s a Ruby gem for generating/parsing them, called sixword. I can highly recommend this format (and the gem) for stuff like SSH and GPG fingerprints (:

    1. 3

      I don’t understand where this would be used? Could a kind soul give me an example, please?

      1. 5

        It’s a representation of data using words. Using the example that’s provided on that Wikipedia page, instead of transmitting the following PGP fingerprint:

        E582 94F2 E9A2 2748 6E8B 061B 31CC 528F D7FA 3F19
        

        you would transmit a bunch of words:

        topmost Istanbul Pluto vagabond treadmill Pacific brackish dictator goldfish Medusa afflict bravado chatter revolver Dupont midsummer stopwatch whimsical cowbell bottomless
        

        So, E5 maps to topmost, 82 maps to Istanbul, and so on.

        There are some code examples that utilize this. One I found is on GitHub.

        1. 6

          And why would you want to transmit your public key fingerprint as words instead of bytes? Because you are reading it aloud over the phone to someone. The words are chosen to be easily distinguishable even on a poor-quality connection.

          Note that E5 doesn’t always map to topmost – for odd bytes it maps to travesty. The different wordlists for even and odd bytes make it easier to tell when you missed hearing a byte, so you can ask the speaker to repeat it.

          1. 3

            Those also are easier to type on most phone keyboards. I have a password generator that generates similar-looking passwords like “exile limit rio polka easy simon cargo bogart chess” (96 bits of entropy).

      2. 3

        The automated search converged to an optimized solution in about 40 hours on a DEC Alpha, a particularly fast machine in that era.

        I enjoyed those days.
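
The even/odd word-list check discussed in the thread above, as an added example that is not part of any comment or of any PGP tool. It builds its two tables only from the 20 byte/word pairs quoted in the thread, not the full 256-entry lists; `build_tables`, `decode_spoken` and `TranscriptionError` are hypothetical names.

```python
# Byte/word pairs copied from the thread's example fingerprint (a partial table,
# assumed sufficient for illustration; the real lists have 256 words each).
FINGERPRINT = "E582 94F2 E9A2 2748 6E8B 061B 31CC 528F D7FA 3F19"
WORDS = ("topmost Istanbul Pluto vagabond treadmill Pacific brackish dictator "
         "goldfish Medusa afflict bravado chatter revolver Dupont midsummer "
         "stopwatch whimsical cowbell bottomless")


class TranscriptionError(ValueError):
    """Raised when a heard word cannot belong at its position."""

    def __init__(self, position, word, reason):
        super().__init__(f"word {position} ({word!r}): {reason}")
        self.position = position
        self.reason = reason


def build_tables(fingerprint_hex, words):
    """Return (even, odd) dicts mapping lowercase word -> byte value."""
    data = bytes.fromhex(fingerprint_hex.replace(" ", ""))
    tokens = words.split()
    if len(data) != len(tokens):
        raise ValueError("one word per byte is required")
    even, odd = {}, {}
    for index, (byte, word) in enumerate(zip(data, tokens)):
        (even if index % 2 == 0 else odd)[word.lower()] = byte
    return even, odd


EVEN, ODD = build_tables(FINGERPRINT, WORDS)


def decode_spoken(heard):
    """Decode a heard word sequence, rejecting words from the wrong-parity list."""
    out = bytearray()
    for position, word in enumerate(heard.split()):
        key = word.lower()
        expected, other = (EVEN, ODD) if position % 2 == 0 else (ODD, EVEN)
        if key in expected:
            out.append(expected[key])
        elif key in other:
            # An even-list word in an odd slot (or vice versa) means the
            # listener lost sync: a word was dropped, repeated or swapped.
            raise TranscriptionError(position, word, "wrong-parity list")
        else:
            raise TranscriptionError(position, word, "not in partial table")
    return bytes(out)
```

Dropping or swapping a single word shifts every following word into the wrong-parity slot, so the listener learns the position at which to ask for a repeat instead of ending up with a silently wrong fingerprint.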