secure chat UX musing:

people are okay with discord invite links, and they look like MvDtq5g (so, alphanumeric mixed case). being generous and assuming that's base64, that's a "whole" 42 bits of entropy. if you assume 100 bits of entropy is enough, and you brute force to force 30ish bits to be all zeros (which isn't that unreasonable, to be honest), then vARu8g8jmq48 has 72 bits of data for an "invite link" to either join a group(authenticates the group to you, not you to the group), or a DM (authenticates you to others) works fine

hell, people are okay with signal.me links and those are huge chonkers. can't exactly write that down though, whereas you can pretty easily write down 12 alphanumeric chars. i have no clue why they don't stick a fingerprint in there (... unless they do?). that'd break the links if you lose your phone and don't have a key backup, but like, okay?