It works like ssh. When you send or receive securely, you can see a fingerprint of your peer's public key, and a fingerprint of your own public key. Your peer sees these too.
To mitigate MITM attacks, ask your peer for their public key fingerprint using something other than WireOver: phone, SMS, email, PGP email - whatever you're comfortable with. That's your "second factor of authentication".
Your approval is cached so you only need to do it once.
We'll explain this better on the website.
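
The verify-once-then-cache flow described above, as an added example that is not WireOver's own code. It assumes an SSH-style SHA-256 fingerprint format; `PeerStore`, the peer ids and the sample keys are hypothetical and constructed for illustration.

```python
import base64
import hashlib


def fingerprint(public_key: bytes) -> str:
    """SSH-style fingerprint (assumed format): unpadded base64 of SHA-256."""
    digest = hashlib.sha256(public_key).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


class PeerStore:
    """Hypothetical cache of fingerprints the user has approved."""

    def __init__(self):
        self.approved = {}  # peer id -> fingerprint approved by the user

    def check(self, peer_id, presented_key, out_of_band_fp=None):
        """Return 'trusted', 'unverified' or 'MISMATCH' for a presented key."""
        seen = fingerprint(presented_key)
        cached = self.approved.get(peer_id)
        if cached is not None:
            # Approval is cached: a different key now is a warning sign.
            return "trusted" if cached == seen else "MISMATCH"
        if out_of_band_fp is None:
            # First contact and nothing to compare against yet.
            return "unverified"
        if out_of_band_fp.strip() == seen:
            # Fingerprint read over phone/SMS/email matches what the wire shows.
            self.approved[peer_id] = seen
            return "trusted"
        # The key on the wire is not the one the peer read out; cache nothing.
        return "MISMATCH"


# Constructed sample keys (not real key material).
PEER_KEY = bytes(range(32))
OTHER_KEY = bytes(range(1, 33))

if __name__ == "__main__":
    store = PeerStore()
    told_by_phone = fingerprint(PEER_KEY)  # what the peer reads out to you
    print(store.check("bob", PEER_KEY))                 # unverified
    print(store.check("bob", OTHER_KEY, told_by_phone))  # MISMATCH
    print(store.check("bob", PEER_KEY, told_by_phone))   # trusted, now cached
    print(store.check("bob", PEER_KEY))                 # trusted
    print(store.check("bob", OTHER_KEY))                # MISMATCH
```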