On Wed, May 28, 2014 at 05:56:30PM +0100, Ximin Luo wrote:
> Thanks! I suppose this is the same reasoning as the DH-commit to protect the 
> SAS in ZRTP[1]?

Probably.

> To clarify, does this mean the DH-commit is unnecessary if either:
> 
> a. the session key is longer, say 128 bits or 256 bits (but this would
> make it "less usable" for verification), or
> b. we use a verification method that doesn't depend on the session id,
> such as direct fingerprint verification

At first glance, those seem plausible to me.

> Come to think of it, why does the SMP secret include the session id?
> Aren't the fingerprints enough? (I had thought perhaps this was to
> prevent replay attacks, but including the fingerprints should mean
> that no successful run of SMP is ever seen by a MitM, to be able to
> store and replay it later.)

By including the session id in the SMP secret, it's at least possible to
detect the case where your private key has been stolen.
_______________________________________________
OTR-dev mailing list
[email protected]
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
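The point about the session id can be made concrete with a small model. The following is an added example, not OTR's code and not from anyone in this thread: it builds the SMP secret in the layout the OTR v3 spec uses (SHA-256 over a version byte, both fingerprints, the secure session id and the user-supplied secret), then compares an honest session with one where someone holding Bob's stolen long-term key sits between Alice and Bob and relays the SMP messages. The fingerprints, DH shared secrets and user secret are constructed placeholders, and `session_id()` is a simplified stand-in for OTR's actual derivation from the DH shared secret.

```python
import hashlib

# Added example, not the OTR library's code. Models the OTR v3 SMP secret layout:
#   SHA256(0x01 || initiator fingerprint || responder fingerprint || secure session id || user secret)
# All fingerprints, shared secrets and the user secret below are constructed values.

SMP_VERSION = b"\x01"


def smp_secret(initiator_fp, responder_fp, session_id, user_secret, include_ssid=True):
    """Derive the SMP shared secret. include_ssid=False models the
    fingerprints-only variant asked about in the thread."""
    data = SMP_VERSION + initiator_fp + responder_fp
    if include_ssid:
        data += session_id
    data += user_secret
    return hashlib.sha256(data).digest()


def session_id(dh_shared_secret):
    """Simplified secure session id: a short hash of the per-session DH shared
    secret. Each DH exchange yields a different one (constructed model)."""
    return hashlib.sha256(b"\x00" + dh_shared_secret).digest()[:8]


# Constructed long-term fingerprints (OTR fingerprints are 20-byte SHA-1 values).
ALICE_FP = hashlib.sha1(b"constructed alice pubkey").digest()
BOB_FP = hashlib.sha1(b"constructed bob pubkey").digest()
USER_SECRET = b"what we talked about at lunch"


def run_smp(include_ssid):
    """Return (honest_ok, relayed_mitm_ok): whether Alice's and Bob's SMP secrets
    agree in an honest session, and in a session where a middle party holding
    Bob's stolen private key relays SMP messages across two separate DH sessions."""
    # Honest session: one DH exchange, so both ends derive the same session id.
    ssid = session_id(b"constructed shared secret s")
    alice = smp_secret(ALICE_FP, BOB_FP, ssid, USER_SECRET, include_ssid)
    bob = smp_secret(ALICE_FP, BOB_FP, ssid, USER_SECRET, include_ssid)
    honest_ok = alice == bob

    # Stolen-key case: the middle party authenticates to Alice as Bob, so both
    # legs show the genuine fingerprints, but each leg is its own DH exchange
    # and therefore has its own session id.
    ssid_alice_side = session_id(b"constructed shared secret s1")
    ssid_bob_side = session_id(b"constructed shared secret s2")
    alice = smp_secret(ALICE_FP, BOB_FP, ssid_alice_side, USER_SECRET, include_ssid)
    bob = smp_secret(ALICE_FP, BOB_FP, ssid_bob_side, USER_SECRET, include_ssid)
    relayed_mitm_ok = alice == bob

    return honest_ok, relayed_mitm_ok


if __name__ == "__main__":
    print("with session id:   ", run_smp(True))   # (True, False): SMP fails, so the interception is noticed
    print("without session id:", run_smp(False))  # (True, True): relayed SMP passes, nothing is noticed
```

With the session id in the secret, the relayed run fails even though every fingerprint Alice sees is genuine, which is exactly the detection the reply describes. Without it, both ends hash identical inputs and the relayed run succeeds. The detection still rests on the user secret: it only helps when the party in the middle cannot answer the SMP question independently on each leg.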
