[OTR-dev] hash commitment in DH key exchange
Ben Laurie
ben at links.org
Wed May 28 19:20:53 EDT 2014
On 29 May 2014 00:20, Ben Laurie <ben at links.org> wrote:
> On 28 May 2014 23:44, Nikita Borisov <nikita at illinois.edu> wrote:
>> On Wed, May 28, 2014 at 11:27 PM, Ben Laurie <ben at links.org> wrote:
>>> On 28 May 2014 22:59, Ian Goldberg <ian at cypherpunks.ca> wrote:
>>>> On Wed, May 28, 2014 at 10:55:10PM +0100, Ben Laurie wrote:
>>>>> Now I'm curious: why is the session ID short?
>>>>
>>>> Usability of verification in the (long-since-deprecated) "compare
>>>> session IDs" method, which works even if you *know* your private keys
>>>> have been compromised (but only for the current session).
>>>
>>> Confused. Why not verify a truncated hash of the (long) session ID?
>>
>> The session ID *is* a truncated hash of the DH shared key. IIRC, it
>> is(was) only used for user session verification, so there's no reason
>> to have a separate longer sessionID.
>
> OK ... so why do we need a commitment again?
Oh. I see. :-)
More information about the OTR-dev
mailing list