[OTR-dev] Fingerprints?

alex323 alex323 at gmail.com
Tue Jan 18 09:07:06 EST 2005


Who should be responsible for storing fingerprints on the hard drive? 
Should the client do it? Or should the library do it?

Ian Goldberg wrote:

>On Mon, Jan 17, 2005 at 04:42:04PM -0500, alex323 wrote:
>  
>
>>I'm still kind of lost on what a fingerprint is (in the OTR context) 
>>I've heard of D/RSA fingerprints.. is it the same?
>>Is this a fingerprint?:
>>
>>"Calculate the session id as the SHA-1 hash of the (5+len)-byte value
>>composed of the byte 0x00, followed by the (4+len) bytes of
>>secbytes. When a new private connection is established, display
>>these 8 bytes to the user as two 4-byte (big-endian) values, in C
>>"%08x" format."
>>    
>>
>
>No, that's a session id.  This is a fingerprint:
>
>  The DSA key given in [the Key Exchange Message] has a "Fingerprint",
>  which is the SHA-1 hash of the portion of the message from the
>  beginning of the "p" field (including the MPI length) to the end of
>  the "e" field.  This fingerprint should be displayed to the recipient
>  so that he may verify the sender's key.
>
>   - Ian
>_______________________________________________
>OTR-dev mailing list
>OTR-dev at lists.cypherpunks.ca
>http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
>  
>





More information about the OTR-dev mailing list