diff options
Diffstat (limited to 'doc/tor-spec.txt')
| -rw-r--r-- | doc/tor-spec.txt | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/doc/tor-spec.txt b/doc/tor-spec.txt index e92b9d72e3..70a215e40a 100644 --- a/doc/tor-spec.txt +++ b/doc/tor-spec.txt @@ -268,12 +268,12 @@ when do we rotate which keys (tls, link, etc)? If CREATE_FAST is used, the client and server base their key material on K0=X|Y. - From the base key material g^xy, they compute derivative key material as - follows. Next, the server computes 100 bytes of key data as K = SHA1(K0 - | [00]) | SHA1(K0 | [01]) | ... SHA1(K0 | [04]) where "00" is a single - octet whose value is zero, [01] is a single octet whose value is one, etc. - The first 20 bytes of K form KH, bytes 21-40 form the forward digest Df, - 41-60 form the backward digest Db, 61-76 form Kf, and 77-92 form Kb. + From the base key material K0, they compute 100 bytes of derivative + key data as K = SHA1(K0 | [00]) | SHA1(K0 | [01]) | ... SHA1(K0 | + [04]) where "00" is a single octet whose value is zero, [01] is a + single octet whose value is one, etc. The first 20 bytes of K form + KH, bytes 21-40 form the forward digest Df, 41-60 form the backward + digest Db, 61-76 form Kf, and 77-92 form Kb. KH is used in the handshake response to demonstrate knowledge of the computed shared key. Df is used to seed the integrity-checking hash |