[messaging] Short Auth Strings

Adam Zimmerman adam at digitalpirate.ca
Fri Jan 31 10:36:29 PST 2014


On 14-01-31 09:24 AM, Trevor Perrin wrote:
>  - SAS are maybe useful for text chat, though I'm not sure how much
> they're used in OTR compared to fingerprints or PAKE (OTR is unusual
> in having all three options.  Is there any data on which users
> prefer?)

OTR used to have something called a session id (IIRC), which was
essentially a long version of an SAS. I think they removed it around the
same time they started using the Socialist Millionaire Protocol to do
shared secret auth, for usability reasons.

Nowadays, OTR clients just use a simple fingerprint comparison as the
"barebones" type of authentication.

- Adam


More information about the Messaging mailing list