[messaging] Two-pass DH instead commitment

CodesInChaos codesinchaos at gmail.com
Mon Feb 22 03:28:39 PST 2016

Why is that more convenient for you? The only advantage of your scheme
seems to be that you save 28 bytes in the second pass.

On Sat, Feb 20, 2016 at 9:21 PM, Van Gegel <torfone at ukr.net> wrote:

> I want to perform DH on the EC25519 and verify the secret using a short
> fingerprint (32 bits SAS). Typically in this case the commitment needed for
> preventing MitM by influence the responder's key after originator's key was
> received.
> To be securely the following scheme instead commitment:
> first exchange parts of the keys (first 224 bits) and then the remaining
> 32 bits during second pass?
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160222/00f78eb0/attachment.html>

More information about the Messaging mailing list