[doomrobo]

There are middle boxes between the two peers, yes? Routers and such. They observe the encrypted messages. They can brute force the password, even after the session is over.

Even if you assume the PIN is uniformly random (you should not assume this), it is only log2((10+26)^6) ~ 31 bits of entropy. This does not satisfy standard notions of secure channel establishment.

[nenaoki]

The pin would just be for coordination, not encryption.

[doomrobo]

Ah ok. How is the encryption key, if there is one, established then?

[nenaoki]

I think they just use the encryption and key exchange that WebRTC has cooked in https://datatracker.ietf.org/doc/html/rfc5764

[lxgr]

tl;dr: One peer generates a self-signed certificate and sends the fingerprint of that over the signalling channel; the other connects to it as a "client".

The resulting DTLS keying material is subsequently used for SRTP encryption (for media) and SCTP over DTLS (for the data channel, which is presumably what's being used here).

[avovsya]

You're right, thank you for answering!