diff options
author | Christian Grothoff <christian@grothoff.org> | 2021-08-16 11:40:09 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-08-16 11:40:09 +0200 |
commit | ceec3719d5f22928ff273136e37ab802c4efb90f (patch) | |
tree | 51a8ad1254e7007ab5902abc5d70d084643ca024 /doc | |
parent | b2d9f5936b7e867180199771c9e47c6d95ec8b8a (diff) | |
download | anastasis-ceec3719d5f22928ff273136e37ab802c4efb90f.tar.gz anastasis-ceec3719d5f22928ff273136e37ab802c4efb90f.tar.bz2 anastasis-ceec3719d5f22928ff273136e37ab802c4efb90f.zip |
clarify: salt, not nonce
Diffstat (limited to 'doc')
-rw-r--r-- | doc/sphinx/cryptography.rst | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst index 6e8c29b..406732a 100644 --- a/doc/sphinx/cryptography.rst +++ b/doc/sphinx/cryptography.rst @@ -199,7 +199,7 @@ individual **key share**, we use different salts ("erd" and "eks", respectively) and the encrypted **core secret**. **nonce0**: Nonce which is used to generate *key0* and *iv0* which are used for the encryption of the *recovery document*. -Nonce must contain the string "ERD". +This key derivation must be done using the salt "erd". **optional data**: Key material that optionally is contributed from the authentication method to further obfuscate the key share from the escrow provider. @@ -208,7 +208,8 @@ Here, **i** must be a positive number used to iterate over the various **key sha at the various providers. **nonce_i**: Nonce which is used to generate *key_i* and *iv_i* which are used for the encryption of the **key share**. **i** must be -the same number as specified above for *encrypted_key_share_i*. Nonce must contain the string "EKS" plus the according *i*. +the same number as specified above for *encrypted_key_share_i*. +Key derivation must be done using the salt "eks". As a special rule, when a **security question** is used to authorize access to an **encrypted_key_share_i**, then the salt "eks" is replaced with an (expensive) hash |