agl / pond

Pond
BSD 3-Clause "New" or "Revised" License

Do we need a fingerprint hash of the identity key? #146

Closed burdges closed 9 years ago

burdges commented 9 years ago

Should pond have a fingerprint of the identity key that users are encouraged to share publicly instead of the public identity key itself?

Users might wish to post messages like "Pond : ..." on their Twitter so that they can key up insecurely and verify the connection after the fact. At present, they'd do this with their public identity key, but if Edward's curve 25519 had any hiccups then nefarious parties could scan all publicly displayed pond identity keys for weak keys.

I'm happy to code this up if folks agree we need it. I'd probably use it in https://github.com/agl/pond/pull/144 too.

burdges commented 9 years ago

I suppose the best way to implement a fingerprint is by taking the SHA-256 of the identity key, as we already use the SHA-256 elsewhere. Anything else to take into consideration?
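Added example, not part of the thread and not Pond's own code: a sketch of the fingerprint proposed above (SHA-256 of the 32-byte identity key) together with the after-the-fact check against a publicly posted value. The names `Fingerprint` and `MatchesPosted`, the grouped-hex display format and the sample key are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// Fingerprint returns the SHA-256 of a 32-byte public identity key as
// lowercase hex in groups of 8 characters. The grouping is an assumption
// made here for readability; the thread does not specify a display format.
func Fingerprint(identityPub [32]byte) string {
	sum := sha256.Sum256(identityPub[:])
	h := hex.EncodeToString(sum[:])
	groups := make([]string, 0, 8)
	for i := 0; i < len(h); i += 8 {
		groups = append(groups, h[i:i+8])
	}
	return strings.Join(groups, " ")
}

// MatchesPosted reports whether a fingerprint copied from a public post
// corresponds to the identity key received over the insecure channel.
// Spaces, colons and letter case are ignored; a truncated or malformed
// fingerprint is rejected rather than prefix-matched.
func MatchesPosted(identityPub [32]byte, posted string) bool {
	cleaned := strings.NewReplacer(" ", "", ":", "", "\n", "", "\t", "").Replace(posted)
	got, err := hex.DecodeString(cleaned)
	if err != nil || len(got) != sha256.Size {
		return false
	}
	want := sha256.Sum256(identityPub[:])
	return subtle.ConstantTimeCompare(got, want[:]) == 1
}

func main() {
	var key [32]byte // constructed sample key, not a real Pond identity
	for i := range key {
		key[i] = byte(i)
	}
	fp := Fingerprint(key)
	fmt.Println("Pond :", fp)
	fmt.Println(MatchesPosted(key, strings.ToUpper(fp)))
	key[0] ^= 1 // a substituted key must not match the posted fingerprint
	fmt.Println(MatchesPosted(key, fp))
}
```

Requiring the full 32-byte digest matters here: accepting a shortened fingerprint would make it far cheaper for someone to generate a different key with a matching prefix.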

burdges commented 9 years ago

I'll just submit a pull request instead of this thread: https://github.com/agl/pond/pull/147