[OTR-users] Shared secret authentication?

Ian Goldberg ian at cypherpunks.ca
Thu Jan 20 20:12:19 EST 2005


On Thu, Jan 20, 2005 at 07:27:13PM -0500, Ian Goldberg wrote:
> That's a pretty interesting suggestion.  An easy way would be to
> calculate SHA-1(dir, sessionid, secret) and exchange those values
> [once the session is established].  (Use the stretched secret, of
> course.)

I just wanted to clarify that this method will authenticate the person
to whom you're speaking, but not their fingerprint.  If you want to
authenticate their fingerprint as well, you can either just exchange
fingerprints in the now-authenticated channel, or include the
fingerprints in the above hash.

   - Ian
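
The check described in this message, written out as an added example; it is not code from the original post or from OTR. The PBKDF2 stretching step, the length-prefixed field encoding, the one-byte direction values and all sample inputs are assumptions or constructed values.

```python
import hashlib
import hmac

A_TO_B, B_TO_A = b"\x00", b"\x01"  # assumed encoding of "dir"

def stretch(secret: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA1 stands in for the unspecified stretching step.
    return hashlib.pbkdf2_hmac("sha1", secret.encode("utf-8"), salt, 100_000)

def field(data: bytes) -> bytes:
    # Length-prefix each input so field boundaries cannot be shifted.
    return len(data).to_bytes(4, "big") + data

def auth_tag(direction, session_id, stretched, fingerprints=()):
    # SHA-1(dir, sessionid, secret[, fingerprints]) as in the message.
    h = hashlib.sha1()
    for part in (direction, session_id, stretched, *fingerprints):
        h.update(field(part))
    return h.digest()

def verify(received, direction, session_id, stretched, fingerprints=()):
    expected = auth_tag(direction, session_id, stretched, fingerprints)
    return hmac.compare_digest(received, expected)  # constant-time compare

def demo():
    # All values below are constructed for illustration.
    sid = bytes.fromhex("0011223344556677")
    salt = b"constructed-salt"
    fps = (hashlib.sha1(b"constructed key A").digest(),
           hashlib.sha1(b"constructed key B").digest())
    swapped = (fps[0], hashlib.sha1(b"constructed key M").digest())
    key = stretch("correct horse", salt)
    tag = auth_tag(A_TO_B, sid, key, fps)
    return {
        "honest": verify(tag, A_TO_B, sid, key, fps),
        "reflected": verify(tag, B_TO_A, sid, key, fps),
        "other_session": verify(tag, A_TO_B, b"\xff" * 8, key, fps),
        "wrong_secret": verify(tag, A_TO_B, sid, stretch("guess", salt), fps),
        "swapped_fingerprint": verify(tag, A_TO_B, sid, key, swapped),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Only the honest case verifies; calling `auth_tag` without the `fingerprints` argument gives the variant that authenticates the person but leaves the fingerprint unbound.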


