What happened to short authentication strings? The SAS protocol is nicely documented in the Silent Circle Instant Messaging Protocol paper [1], but when I go to "Verify identity" in the app I'm asked to verify an obnoxiously long pair of hexadecimal strings.
The phone call feature supports it (with a curious lack of documentation), but it would be easy to imagine a UI that allowed verification without making a phone call and without allowing users to screw it up: one phone shows the SAS string, the other phone asks you to type it in, and neither phone allows IMs to be sent while doing this.
The phone call feature supports it (with a curious lack of documentation), but it would be easy to imagine a UI that allowed verification without making a phone call and without allowing users to screw it up: one phone shows the SAS string, the other phone asks you to type it in, and neither phone allows IMs to be sent while doing this.