[OTR-dev] hash commitment in DH key exchange

Ben Laurie ben at links.org
Wed May 28 19:20:09 EDT 2014


On 28 May 2014 23:44, Nikita Borisov <nikita at illinois.edu> wrote:
> On Wed, May 28, 2014 at 11:27 PM, Ben Laurie <ben at links.org> wrote:
>> On 28 May 2014 22:59, Ian Goldberg <ian at cypherpunks.ca> wrote:
>>> On Wed, May 28, 2014 at 10:55:10PM +0100, Ben Laurie wrote:
>>>> Now I'm curious: why is the session ID short?
>>>
>>> Usability of verification in the (long-since-deprecated) "compare
>>> session IDs" method, which works even if you *know* your private keys
>>> have been compromised (but only for the current session).
>>
>> Confused. Why not verify a truncated hash of the (long) session ID?
>
> The session ID *is* a truncated hash of the DH shared key. IIRC, it
> is (was) only used for user session verification, so there's no reason
> to have a separate longer sessionID.

OK ... so why do we need a commitment again?

>
> - Nikita
> --
> Nikita Borisov - http://hatswitch.org/~nikita/
> Associate Professor, Electrical and Computer Engineering
> Tel: +1 (217) 244-5385, Office: 460 CSL


