> After Alice logs in on a new device, she uses her cryptographic identity to demonstrate to Bob that the new device genuinely belongs to her, rather than being added by someone else with access to her account. She can do this either by entering her recovery key (which gives the new device immediate access to her cryptographic identity ), or by carrying out an interactive verification from an existing verified device.

navigate8310 5 hours ago | parent [-]

So is this like the Signal PIN which is required when installing on a new device? If you forget, the cryptography changes and old contacts are warned that signatures are rotated, right?

▲

kevincox 5 hours ago | parent | next [-]

Yes, the purpose is the same but the UX is a bit different.

	▲	rebolek an hour ago \| parent \| next [-]
		If by bit different you mean absolute nightmare then yes
	▲	Lerc 4 hours ago \| parent \| prev [-]
		Quite. I have yet to manage a verification between clients. I have had all variations of clients ignoring requests, reporting requests only for the requesting client to ignore the response. Both ends quitting declaring that the other end cancelled, asking for the other end to input a code while the other end shows no interface for doing so. It marked the end of me using Matrix as a platform. I'd go back to the old IRC channels if there were anyone still there.

▲

octoberfranklin 4 hours ago | parent | prev | next [-]

More like the safety number / QR code.

The numerical Signal PINs are basically just for when you bootstrap your Signal identity from a telephone number.

▲

jojobas 3 hours ago | parent | prev [-]

Except Signal PIN appears to be trivial to bruteforce for Signal itself, unlike this properly secure verification.