alex323 at gmail.com
Tue Jan 18 09:07:06 EST 2005
Who should be responsible for storing fingerprints on the hard drive?
Should the client do it? Or should the library do it?
Ian Goldberg wrote:
>On Mon, Jan 17, 2005 at 04:42:04PM -0500, alex323 wrote:
>>I'm still kind of lost on what a fingerprint is (in the OTR context)
>>I've heard of D/RSA fingerprints.. is it the same?
>>Is this a fingerprint?:
>>"Calculate the session id as the SHA-1 hash of the (5+len)-byte value
>>composed of the byte 0x00, followed by the (4+len) bytes of
>>secbytes. When a new private connection is established, display
>>these 8 bytes to the user as two 4-byte (big-endian) values, in C
>No, that's a session id. This is a fingerprint:
> The DSA key given in [the Key Exchange Message] has a "Fingerprint",
> which is the SHA-1 hash of the portion of the message from the
> beginning of the "p" field (including the MPI length) to the end of
> the "e" field. This fingerprint should be displayed to the recipient
> so that he may verify the sender's key.
> - Ian
>OTR-dev mailing list
>OTR-dev at lists.cypherpunks.ca
More information about the OTR-dev