[OTR-dev] Fingerprints?
alex323
alex323 at gmail.com
Tue Jan 18 09:01:53 EST 2005
Thanks.
Ian Goldberg wrote:
>On Mon, Jan 17, 2005 at 04:42:04PM -0500, alex323 wrote:
>
>
>>I'm still kind of lost on what a fingerprint is (in the OTR context)
>>I've heard of D/RSA fingerprints.. is it the same?
>>Is this a fingerprint?:
>>
>>"Calculate the session id as the SHA-1 hash of the (5+len)-byte value
>>composed of the byte 0x00, followed by the (4+len) bytes of
>>secbytes. When a new private connection is established, display
>>these 8 bytes to the user as two 4-byte (big-endian) values, in C
>>"%08x" format."
>>
>>
>
>No, that's a session id. This is a fingerprint:
>
> The DSA key given in [the Key Exchange Message] has a "Fingerprint",
> which is the SHA-1 hash of the portion of the message from the
> beginning of the "p" field (including the MPI length) to the end of
> the "e" field. This fingerprint should be displayed to the recipient
> so that he may verify the sender's key.
>
> - Ian
>_______________________________________________
>OTR-dev mailing list
>OTR-dev at lists.cypherpunks.ca
>http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
>
>
More information about the OTR-dev
mailing list