On 2/5/14, Peter Eckersley <[email protected]> wrote:
> Also, it strikes me that checking a whole 160 bit fingerprint on first use
> is potentially more work than needs to be done.
>
> Protocols like this should be possible:
[low-latency interactive protocol omitted]

As I said in <https://moderncrypto.org/mail-archive/messaging/2014/000015.html>:

If the parties can set up an interactive connection, you can use a 40-bit ephemeral password to authenticate the key. It wouldn't even require a PAKE protocol.

Robert Ransom
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
