On 28 May 2014 22:59, Ian Goldberg <[email protected]> wrote:
> On Wed, May 28, 2014 at 10:55:10PM +0100, Ben Laurie wrote:
>> On 28 May 2014 19:57, Ian Goldberg <[email protected]> wrote:
>> > On Wed, May 28, 2014 at 05:56:30PM +0100, Ximin Luo wrote:
>> >> Thanks! I suppose this is the same reasoning as the DH-commit to protect
>> >> the SAS in ZRTP[1]?
>> >
>> > Probably.
>> >
>> >> To clarify, does this mean the DH-commit is unnecessary if either:
>> >>
>> >> a. the session key is longer, say 128 bits or 256 bits (but this would
>> >> make it "less useable" for verification), or
>> >> b. we use a verification method that doesn't depend on the session id,
>> >> such as direct fingerprint verification
>> >
>> > At first glance, those seem plausible to me.
>>
>> Now I'm curious: why is the session ID short?
>
> Usability of verification in the (long-since-deprecated) "compare
> session IDs" method, which works even if you *know* your private keys
> have been compromised (but only for the current session).

Confused. Why not verify a truncated hash of the (long) session ID?

_______________________________________________
OTR-dev mailing list
[email protected]
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
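The three ideas the thread touches (a full-length session ID derived from the DH secret, a short human-comparable string taken from it, and a hash commitment to the DH value sent before the value itself, as in ZRTP's DH-commit) can be shown together. The following is an added illustration, not code from OTR, ZRTP or any of the posters; the group (the Mersenne prime 2^127-1 with generator 3) is a toy chosen only so the script runs quickly, and the hash labels and the 32-bit truncation are assumptions, not the protocols' real KDF or SAS sizes.

```python
"""Toy commit-then-reveal DH handshake with a long session ID and a
truncated verification string (added example; not OTR/ZRTP code)."""
import hashlib
import hmac
import secrets

# Toy DH group, constructed for illustration only (not a real protocol group).
P = (1 << 127) - 1
G = 3


def keypair():
    """Fresh ephemeral private exponent and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def commit(pub: int) -> bytes:
    """Hash commitment to a DH public value, sent before the value itself.
    Fixing the value in advance is what stops the sender from choosing
    it after seeing the peer's value (the purpose of ZRTP's DH-commit)."""
    return hashlib.sha256(b"dh-commit|" + pub.to_bytes(16, "big")).digest()


def verify_commit(commitment: bytes, pub: int) -> bool:
    """Check that a revealed public value matches the earlier commitment."""
    return hmac.compare_digest(commitment, commit(pub))


def session_id(shared: int) -> bytes:
    """Full-length (256-bit) session ID from the shared secret; label assumed."""
    return hashlib.sha256(b"session-id|" + shared.to_bytes(16, "big")).digest()


def short_sas(sid: bytes, bits: int = 32) -> str:
    """Short string for humans to compare: a truncated hash of the long
    session ID (the construction Ben asks about), shown as hex."""
    return hashlib.sha256(b"sas|" + sid).digest()[: bits // 8].hex()


def handshake():
    """Three-message exchange; returns both sides' session IDs."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    c = commit(a_pub)                 # 1. Alice -> Bob: H(g^a)
    # 2. Bob -> Alice: g^b (Bob has only seen the commitment so far)
    # 3. Alice -> Bob: g^a; Bob rejects it unless it matches the commitment
    if not verify_commit(c, a_pub):
        raise ValueError("revealed DH value does not match commitment")
    sid_a = session_id(pow(b_pub, a_priv, P))
    sid_b = session_id(pow(a_pub, b_priv, P))
    return sid_a, sid_b


if __name__ == "__main__":
    sid_a, sid_b = handshake()
    print("long session id:", sid_a.hex())
    print("short SAS to compare out of band:", short_sas(sid_a))
```

Both parties keep the full 256-bit session ID for the protocol and read out only `short_sas(...)` over the phone, so the usability argument for a short ID and the security argument for a long one do not conflict; the commitment is what makes the short string safe to rely on.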
