[messaging] Question regarding Whatsapp/Signal Safety Numbers

Trevor Perrin trevp at trevp.net
Wed Sep 27 11:10:54 PDT 2017


On Wed, Sep 27, 2017 at 6:01 PM, Vincent Breitmoser
<look at my.amazin.horse> wrote:
>
> Simply hashing all of the public keys and user ids together into one
> Alice+Bob-specific safety number has none of these problems, yielding
> the same 100 bits preimage attack scenario, in only half the digits.

Hi Vincent,

If you hash everything together you have to worry about
collision-resistance, so you still need a similar-sized value (e.g.
200 bits).

So that doesn't reduce the size, but that does lose the ability to
extract out individual "fingerprints" from the safety number halves.

Trevor


More information about the Messaging mailing list