Typically people would compare identity numbers over a voice channel. A sort of biometrics. It's been suggested that Signal add a voice channel feature for that purpose[1].
If a system is using a 4 digit number for identity verification, chances are it is something like a PAKE[2]. See OTR's (Off The Record) simplified Socialist Millionaire's Protocol for a practical example that allows the use of any string based on shared knowledge.
If a system is using a 4 digit number for identity verification, chances are it is something like a PAKE[2]. See OTR's (Off The Record) simplified Socialist Millionaire's Protocol for a practical example that allows the use of any string based on shared knowledge.
[1] https://sequoia-pgp.org/blog/2021/06/28/202106-hey-signal-gr...
[2] https://en.wikipedia.org/wiki/Password-authenticated_key_agr...