[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: clarify: salt, not nonce
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated: clarify: salt, not nonce |
|
Date: |
Mon, 16 Aug 2021 11:40:12 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new ceec371 clarify: salt, not nonce
ceec371 is described below
commit ceec3719d5f22928ff273136e37ab802c4efb90f
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Aug 16 11:40:09 2021 +0200
clarify: salt, not nonce
---
doc/sphinx/cryptography.rst | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst
index 6e8c29b..406732a 100644
--- a/doc/sphinx/cryptography.rst
+++ b/doc/sphinx/cryptography.rst
@@ -199,7 +199,7 @@ individual **key share**, we use different salts ("erd" and
"eks", respectively)
and the encrypted **core secret**.
**nonce0**: Nonce which is used to generate *key0* and *iv0* which are used
for the encryption of the *recovery document*.
-Nonce must contain the string "ERD".
+This key derivation must be done using the salt "erd".
**optional data**: Key material that optionally is contributed from the
authentication method to further obfuscate the key share from the escrow
provider.
@@ -208,7 +208,8 @@ Here, **i** must be a positive number used to iterate over
the various **key sha
at the various providers.
**nonce_i**: Nonce which is used to generate *key_i* and *iv_i* which are used
for the encryption of the **key share**. **i** must be
-the same number as specified above for *encrypted_key_share_i*. Nonce must
contain the string "EKS" plus the according *i*.
+the same number as specified above for *encrypted_key_share_i*.
+Key derivation must be done using the salt "eks".
As a special rule, when a **security question** is used to authorize access to
an
**encrypted_key_share_i**, then the salt "eks" is replaced with an (expensive)
hash
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: clarify: salt, not nonce,
gnunet <=