Eugene

Saving/logging TLS session keys breaks perfect forward secrecy

It looks like we are in violent agreement ;)

I understand, and I was purposely misusing your example, sorry :) Arguably, a doctor and a mechanic can explain stuff in non-technical detail to a layperson, but I don't know how often people ask for such explanations. They wants things to "just work", their cars, and (strangely), their bodies. If we had an expert system that could answer interactive user questions, that would be good, better than just walls of documentation. Tooltips would help as well. But my point remains that at such a critical...

Cars don't have "Radiator hose" or "Timing chain" lights. They have "Check engine" lights. Cars also have an implicit connotation of fatal accidents if one does not know how to operate them. Crypto does not evoke such a visceral response (see other studies, which I can reference on request). It may not be a good idea (but than again, it may be!) to attempt to teach users something during literally the first step of using this software. I agree that info buttons will likely help, but I'm not convinced...

I don't think an informational tooltip is going to help much. I would focust on better naming. @enigma2illusion is right, even "Header Key Algorithm or Volume Header Algorithm" are far too technical. From a novice point of view, they may know what "key" means, but "header", "volume", and even "algorithm"? I doubt it. In our research ("The Usability of TrueCrypt, or How I Learned to Stop Whining and Fix an Interface") we tried to stay away from the word "volume" and used "container" instead. I can't...

In our research, that was a major problem with the mouse movement -- lack of clear progress and an explicit indivation when enough entropy is available. If that is clarified, the mouse movement can be kept. I'm still of the opinion that mouse entropy should be collected at the background, starting when the wizard launches, and thus potentially avoiding waiting for mouse movement at all.

I completely agree with @van-fouran. Advanced users will know (or figure out) where to find advanced options, but @cryptolover, if you really want to make good crypto mainstream, we must consider how to convert novice users. UI improvements are a first step. Better documentation is unfortunately unlikely to make a difference.

I completely agree with @van-fouran (Felix). Advanced users will know (or figure out) where to find advanced options, but @cryptolover, if you really want to make good crypto mainstream, we must consider how to convert novice users. UI improvements are a first step. Better documentation is unfortunately unlikely to make a difference.