[messaging] Key comparison [TextSecure]

Trevor Perrin trevp at trevp.net
Tue Sep 1 14:00:18 PDT 2015

On Tue, Sep 1, 2015 at 12:54 AM, N A <2.7182 at mailbox.org> wrote:
> Hi,
> I have a question regarding the comparison of key fingerprints in the
> context of TextSecure. According to [1] TextSecure offers the ability for
> two users to compare fingerprints of their identity key out of band to
> detect a man-in-the-middle attack. I was wondering why the prekey which
> was used to start the session is not part of the fingerprint?

There could be different sessions between users.  For example, imagine
Bob has multiple devices that share the same identity key pair, but
have different prekeys.  When Alice sends a message to Bob she'll
encrypt it using a different session for each of Bob's devices.  Bob's
identity key is constant in all these sessions, but Bob's prekey


