|
From: | Johan Pascal |
Subject: | Re: [Linphone-developers] Call encryption SAS key |
Date: | Fri, 12 Dec 2014 12:23:00 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 |
Hi,SAS is not a key but an authentication string allowing to avoid MiM attack when using ZRTP. SAS is actually the translation into a readable format of the hash of some part of the crypto material generated using ZRTP(see ZRTP rfc for more details).
SAS shall be validated by the call participants, each one giving to the other a part of the displayed SAS and being able to check the peer SAS matches his.
There are 2 possibilities of SAS representation, 4 characters or 2 words picked from a words list. Currently bzrtp implement the 4 characters representation only. There is no effect on the security, the 2 words display purpose is to make easier the oral SAS checking.
Johan On 10/12/14 07:55, Dharmendra Baghel wrote:
Hi All, Can be change or increase SAS key length. currently its length is 6 char and i want to increase it to 16 char for more security. how it is possible to change size. please let me know as soon as possible. / Thanks & Regards,/*/ /* */Dharmendra Baghel/* _______________________________________________ Linphone-developers mailing list address@hidden https://lists.nongnu.org/mailman/listinfo/linphone-developers
[Prev in Thread] | Current Thread | [Next in Thread] |