[Thali-talk] QR codes

Michael Rogers michael at briarproject.org
Wed Apr 1 17:45:38 EDT 2015 

On 01/04/15 17:51, Yaron Goland wrote:
> So I tried out the app and I have a few observations.
> 
> Repeat after me: Android Studio! :) Oh well, at least I now know the Eclipse importer really well on Intellij.

Bah, get off my lawn. :-)

> Unfortunately the camera didn't activate on my Samsung Galaxy S4 running 4.3. To be fair though I have had camera issues with the phone in the past. But usually a fresh reboot cleared up those problems and the phone was freshly booted and completely unused when I tried out your app. My N7 running 4.4.4 however worked just fine.

Thanks for letting me know. I've pushed a change that might fix this -
if not, it would be great if you could send me a log.

> I also noticed that the QRCode you used was small. We got those working pretty well as well. But to move a decent sized key you will need a lot more data and that is where we ran into issues. It often worked but it was tricky. I suppose you could try a hybrid approach where you pass some kind of validation hash via QRCode and then the actual data via BLE/Bluetooth/Wi-Fi direct. But to make this "secure" against someone observing the QRCode you would need a hash long enough to make a rainbow table attack not work. Which I suspect would bring you back to the big QRCode issue.

Yeah, we'll need to put at least 38 bytes in the QR code (32-byte public
key hash and 6-byte Bluetooth address). The zxing encoder seems to want
the data as a string; using base64 would turn 38 bytes into 61 characters.

I've updated the test image to contain 62 characters. Recognition
performance seems to be worse, but that may be partly due to auto-focus
issues that I'm still debugging.

> I also think that having to stick the phones in front of each other is still tricky but I'm probably a Luddite.

It's definitely not ideal, but right now this feels better to me than
the Bluetooth discovery method we've been using so far.

Of course, I haven't written the backend for this yet, so it's not
really a fair comparison at this point.

Cheers,
Michael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <https://pairlist10.pair.net/pipermail/thali-talk/attachments/20150401/3960eb0a/attachment.pgp>

More information about the Thali-talk mailing list