[messaging] Key comparison [TextSecure]

N A 2.7182 at mailbox.org
Tue Sep 1 00:54:44 PDT 2015


Hi,

I have a question regarding the comparison of key fingerprints in the
context of TextSecure. According to [1] TextSecure offers the ability for
two users to compare fingerprints of their identity key out of band to
detect a man in the middle attack. I was wondering why the prekey which
was used to start the session is not part of the fingerprint? If the
identity key of a user is compromised, prekeys on the server could be
replaced with forged ones by an attacker who possesses the complete
identity key. The comparison of identity key fingerprints would not
be able to detect this. Including the prekey during key comparison would
ensure that users know for sure that―even in the presence of compromised
identity keys―no one posed as a man in the middle. Am I missing something
obvious?

Many thanks in advance for your answers!

---
[1] "How secure is TextSecure" [https://eprint.iacr.org/2014/904.pdf]
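
The scenario raised in this message, as an added example that is not part of the original post and is not TextSecure code: a fingerprint computed over the identity key alone stays equal on both sides when only the served prekey differs, while one that also binds the prekey does not. The SHA-256 fingerprint format, the byte strings standing in for public keys, and all function names are assumptions made for illustration.

```python
import hashlib


def fingerprint(*parts: bytes) -> str:
    """Hex SHA-256 over length-prefixed parts (assumed format, not TextSecure's)."""
    h = hashlib.sha256()
    for part in parts:
        # Length prefix keeps (a, bc) and (ab, c) from hashing to the same value.
        h.update(len(part).to_bytes(4, "big") + part)
    return h.hexdigest()


def identity_only(view: dict) -> str:
    """Fingerprint as described in the post: identity key only."""
    return fingerprint(view["identity_pub"])


def identity_and_prekey(view: dict) -> str:
    """Fingerprint that also covers the prekey used to start the session."""
    return fingerprint(view["identity_pub"], view["prekey_pub"])


def compare_views() -> dict:
    """Compare the key owner's local view with what the peer fetched from the server."""
    # Constructed 32-byte stand-ins for public keys (no real key material).
    identity_pub = hashlib.sha256(b"constructed identity key").digest()
    owner_prekey = hashlib.sha256(b"constructed prekey, owner").digest()
    served_prekey = hashlib.sha256(b"constructed prekey, replaced on server").digest()

    owner_view = {"identity_pub": identity_pub, "prekey_pub": owner_prekey}
    # The peer received the same identity key but a different prekey.
    peer_view = {"identity_pub": identity_pub, "prekey_pub": served_prekey}

    return {
        "identity_only_match": identity_only(owner_view) == identity_only(peer_view),
        "with_prekey_match": identity_and_prekey(owner_view) == identity_and_prekey(peer_view),
    }


if __name__ == "__main__":
    for check, matched in compare_views().items():
        print(f"{check}: {matched}")
```
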

