[messaging] Question regarding Whatsapp/Signal Safety Numbers

Joe joe at celo.io
Tue Oct 3 09:40:42 PDT 2017


On 09/27/2017 08:01 PM, Vincent Breitmoser wrote:
> I have been looking at the way safety numbers are constructed in Signal.
> This left me somewhat confused, and I thought I'd ask here for
> clarification :)
> As a brief recap, the safety numbers are structured like this:
>
> decimalize(SHA512^5200(id1_pub+userid1)) || decimalize(SHA512^5200(id2_pub+userid2))
>

Aha! I was pretty surprised the other day when I overheard a group of 
friends trying out Signal for the first time. They were walked through 
the fingerprint authentication (now changed to "security number") and of 
course, like everyone else does, decided to not speak the entire number, 
but to do some specific decimals instead. I was wondering what the heck 
was going on when I heard the same numbers being spoken out loud several 
times by different people, but this explains it. Thank you!


More information about the Messaging mailing list