I want to perform DH on the EC25519 and verify the secret using a short fingerprint (32 bits SAS). Typically in this case the commitment needed for preventing MitM by influence the responder's key after originator's key was received. To be securely the following scheme instead commitment: first exchange parts of the keys (first 224 bits) and then the remaining 32 bits during second pass?
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
