The fact that this works means that comparing keys visually by their artwork is insecure, since it allows you to generate a key pair which looks very similar to a target public key. I guess visual fingerprints might not have enough entropy.
Where's the proof that this works?
It's a brute forcing tool with the goal of finding the desired fingerprint, but there's no demonstration of it actually working.
It's enough to find a fingerprint that's visually similar enough. It doesn't have to be exactly the same. That's many orders of magnitude easier than finding an exact match!
> and kill the artist when patience is depleted.
This is the key part. You probably have to have _a lot_ of patience to get anything reasonable.
It's probably still more secure than trying to compare the regular old string representations (who checks more than the last 5 characters from the end?)
And plus, you still have to brute force it to get one that looks close
> means that comparing keys visually by their artwork is insecure
I'm not sure if this goal is achievable.