[OTR-dev] hash commitment in DH key exchange

Ben Laurie ben at links.org
Wed May 28 17:55:10 EDT 2014


On 28 May 2014 19:57, Ian Goldberg <ian at cypherpunks.ca> wrote:
> On Wed, May 28, 2014 at 05:56:30PM +0100, Ximin Luo wrote:
>> Thanks! I suppose this is the same reasoning as the DH-commit to protect the SAS in ZRTP[1]?
>
> Probably.
>
>> To clarify, does this mean the DH-commit is unnecessary if either:
>>
>> a. the session key is longer, say 128 bits or 256 bits (but this would
>> make it "less useable" for verification), or
>> b. we use a verification method that doesn't depend on the session id,
>> such as direct fingerprint verification
>
> At first glance, those seem plausible to me.

Now I'm curious: why is the session ID short?


