[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] Call encryption SAS key

From: Johan Pascal
Subject: Re: [Linphone-developers] Call encryption SAS key
Date: Fri, 12 Dec 2014 12:23:00 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0

SAS is not a key but an authentication string allowing to avoid MiM attack when using ZRTP. SAS is actually the translation into a readable format of the hash of some part of the crypto material generated using ZRTP(see ZRTP rfc for more details).

SAS shall be validated by the call participants, each one giving to the other a part of the displayed SAS and being able to check the peer SAS matches his.

There are 2 possibilities of SAS representation, 4 characters or 2 words picked from a words list. Currently bzrtp implement the 4 characters representation only. There is no effect on the security, the 2 words display purpose is to make easier the oral SAS checking.


On 10/12/14 07:55, Dharmendra Baghel wrote:
Hi  All,

Can be change or increase SAS key length. currently its length is 6 char
and i want to increase it to 16 char for more security. how it is
possible to change size. please let me know as soon as possible.

Thanks & Regards,/*/

*/Dharmendra Baghel/*

Linphone-developers mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]