[messaging] Question regarding Whatsapp/Signal Safety Numbers

[Vincent Breitmoser]

Hi Trevor,

thanks for you reply

> If you hash everything together you have to worry about
> collision-resistance, so you still need a similar-sized value (e.g.
> 200 bits).

I thought about this for a while, and I see what you mean. Since hashing
the values together means Mallory can switch out keys on both sides, not
just Bob's, the attack scenario shifts from preimage(B) to
collision(A'B'). That makes sense, - too bad, really :)

 - V