clarify: salt, not nonce

1 files changed, 3 insertions, 2 deletions

diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst
index 6e8c29b..406732a 100644
--- a/doc/sphinx/cryptography.rst
+++ b/doc/sphinx/cryptography.rst
@@ -199,7 +199,7 @@ individual **key share**, we use different salts ("erd" and "eks", respectively)
 and the encrypted **core secret**.
 
 **nonce0**: Nonce which is used to generate *key0* and *iv0* which are used for the encryption of the *recovery document*.
-Nonce must contain the string "ERD".
+This key derivation must be done using the salt "erd".
 
 **optional data**: Key material that optionally is contributed from the authentication method to further obfuscate the key share from the escrow provider.
 
@@ -208,7 +208,8 @@ Here, **i** must be a positive number used to iterate over the various **key sha
 at the various providers.
 
 **nonce_i**: Nonce which is used to generate *key_i* and *iv_i* which are used for the encryption of the **key share**. **i** must be
-the same number as specified above for *encrypted_key_share_i*. Nonce must contain the string "EKS" plus the according *i*.
+the same number as specified above for *encrypted_key_share_i*.
+Key derivation must be done using the salt "eks".
 
 As a special rule, when a **security question** is used to authorize access to an
 **encrypted_key_share_i**, then the salt "eks" is replaced with an (expensive) hash