[messaging] "Pseudoword" base32 fingerprints

Robert Ransom rransom.8774 at gmail.com
Wed Feb 5 17:54:08 PST 2014

On 2/5/14, Peter Eckersley <pde-lists at eff.org> wrote:
> Also, it strikes me that checking a whole 160 bit fingerprint on first use
> is potentially more work than needs to be done.
> Protocols like this should be possible:
[low-latency interactive protocol omitted]

As I said in <https://moderncrypto.org/mail-archive/messaging/2014/000015.html>:
If the parties can set up an interactive connection, you can use a
40-bit ephemeral password to authenticate the key.  It wouldn't even
require a PAKE protocol.

Robert Ransom

More information about the Messaging mailing list