[messaging] "Pseudoword" base32 fingerprints

Sven Moritz Hallberg sm at khjk.org
Tue Feb 11 06:17:37 PST 2014


Hello List,

On Sun, 9 Feb 2014 23:00:11 -0800, Trevor Perrin <trevp at trevp.net> wrote:
> > B) The requirements for ephemeral authentication secrets vary by protocol,
> > but in the simplest case (e.g. Socialist millionaire) they be anything and
> > only need to be about 30-40 bits. In that case all we really need is an
> > invertible function from 30-40 random bits to a value that is easy to
> > recognize and (as a bonus) pronounce.
> 
> I wouldn't include OTR's Socialist Millionaire Protocol here, as it's
> based on questions ("where did we go for your birthday?"), not random
> values.  Short Auth Strings would fit here.

I'm not familiar with SAS, but SMP the protocol deals with any (short)
shared secret. The particular implementation in OTR asking for a
question is just fluff added because users tended not to understand what
they were supposed to do.

-SMH


More information about the Messaging mailing list