Why is that more convenient for you? The only advantage of your scheme seems to be that you save 28 bytes in the second pass.
On Sat, Feb 20, 2016 at 9:21 PM, Van Gegel <[email protected]> wrote: > I want to perform DH on the EC25519 and verify the secret using a short > fingerprint (32 bits SAS). Typically in this case the commitment needed for > preventing MitM by influence the responder's key after originator's key was > received. > To be securely the following scheme instead commitment: > first exchange parts of the keys (first 224 bits) and then the remaining > 32 bits during second pass? > > > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging > >
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
