On 14-01-31 09:24 AM, Trevor Perrin wrote: > - SAS are maybe useful for text chat, though I'm not sure how much > they're used in OTR compared to fingerprints or PAKE (OTR is unusual > in having all three options. Is there any data on which users > prefer?)
OTR used to have something called a session id (IIRC), which was essentially a long version of an SAS. I think they removed it around the same time they started using the Socialist Millionaire Protocol to do shared secret auth, for usability reasons. Nowadays, OTR clients just use a simple fingerprint comparison as the "barebones" type of authentication. - Adam _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
