[OTR-dev] Fingerprints?

Ian Goldberg ian at cypherpunks.ca
Mon Jan 17 19:24:17 EST 2005


On Mon, Jan 17, 2005 at 04:42:04PM -0500, alex323 wrote:
> I'm still kind of lost on what a fingerprint is (in the OTR context).
> I've heard of D/RSA fingerprints... Is it the same?
> Is this a fingerprint?:
> 
> "Calculate the session id as the SHA-1 hash of the (5+len)-byte value
> composed of the byte 0x00, followed by the (4+len) bytes of
> secbytes. When a new private connection is established, display
> these 8 bytes to the user as two 4-byte (big-endian) values, in C
> "%08x" format."

No, that's a session id.  This is a fingerprint:

  The DSA key given in [the Key Exchange Message] has a "Fingerprint",
  which is the SHA-1 hash of the portion of the message from the
  beginning of the "p" field (including the MPI length) to the end of
  the "e" field.  This fingerprint should be displayed to the recipient
  so that he may verify the sender's key.

   - Ian
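
The two hashes contrasted in this message, as an added example that is not part of the original email or of the OTR code. Assumptions: an MPI is a 4-byte big-endian length followed by the value bytes, the session id is shown from the first 8 bytes of the hash, and the key values and surrounding message bytes are constructed placeholders.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """Encode n as an MPI: 4-byte big-endian length, then the magnitude (assumed layout)."""
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return struct.pack(">I", len(body)) + body

def skip_mpi(buf: bytes, off: int) -> int:
    """Return the offset just past the MPI starting at off, rejecting truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated MPI length")
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("MPI body runs past end of message")
    return end

def fingerprint(msg: bytes, p_off: int) -> str:
    """SHA-1 over the span from the start of p (length prefix included) to the end of e."""
    end = p_off
    for _ in range(4):          # p, q, g, e
        end = skip_mpi(msg, end)
    return hashlib.sha1(msg[p_off:end]).hexdigest()

def session_id(secbytes: bytes) -> str:
    """SHA-1 of 0x00 || secbytes, shown as two %08x words (first 8 hash bytes: an assumption)."""
    digest = hashlib.sha1(b"\x00" + secbytes).digest()
    hi, lo = struct.unpack(">II", digest[:8])
    return "%08x %08x" % (hi, lo)

# Constructed toy values, far too small to be a real DSA key.
P, Q, G, E = 0xE95E4A5F, 0xB3F1, 0x02, 0x5A17C3
HEADER = b"\x00\x01\x0a"        # placeholder bytes standing in for fields before p
TRAILER = b"\xde\xad"           # placeholder bytes standing in for fields after e
MSG = HEADER + mpi(P) + mpi(Q) + mpi(G) + mpi(E) + TRAILER

if __name__ == "__main__":
    print("fingerprint:", fingerprint(MSG, len(HEADER)))
    print("session id: ", session_id(mpi(0x1234567890ABCDEF)))
```

The fingerprint depends only on the long-term key fields, so it is the same in every conversation with that key, while the session id is derived from the per-session shared secret.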


