[OTR-dev] Fingerprints?
alex323
alex323 at gmail.com
Tue Jan 18 09:20:01 EST 2005
In addition to that, how do you display the fingerprint to the user?
alex323 wrote:
> Who should be responsible for storing fingerprints on the hard drive?
> Should the client do it? Or should the library do it?
>
> Ian Goldberg wrote:
>
>> On Mon, Jan 17, 2005 at 04:42:04PM -0500, alex323 wrote:
>>
>>
>>> I'm still kind of lost on what a fingerprint is (in the OTR context)
>>> I've heard of D/RSA fingerprints.. is it the same?
>>> Is this a fingerprint?:
>>>
>>> "Calculate the session id as the SHA-1 hash of the (5+len)-byte value
>>> composed of the byte 0x00, followed by the (4+len) bytes of
>>> secbytes. When a new private connection is established, display
>>> these 8 bytes to the user as two 4-byte (big-endian) values, in C
>>> "%08x" format."
>>>
>>
>>
>> No, that's a session id. This is a fingerprint:
>>
>> The DSA key given in [the Key Exchange Message] has a "Fingerprint",
>> which is the SHA-1 hash of the portion of the message from the
>> beginning of the "p" field (including the MPI length) to the end of
>> the "e" field. This fingerprint should be displayed to the recipient
>> so that he may verify the sender's key.
>>
>> - Ian
>> _______________________________________________
>> OTR-dev mailing list
>> OTR-dev at lists.cypherpunks.ca
>> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>>
>>
>>
>
>
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
More information about the OTR-dev
mailing list