[messaging] Two-pass DH instead commitment

Van Gegel torfone at ukr.net
Sat Feb 20 12:21:16 PST 2016

I want to perform DH on the EC25519 and verify the secret using a short fingerprint (32 bits SAS). Typically in this case the commitment needed for preventing MitM by influence the responder's key after originator's key was received.  
To be securely the following scheme instead commitment: 
first exchange parts of the keys (first 224 bits) and then the remaining 32 bits during second pass? 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160220/0613f963/attachment.html>

More information about the Messaging mailing list